Thanks, Doug.

Here are the results after running pkg update once.

$ sudo tcpdump -n -e -ttt -r /var/log/pflog
Password:
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
 00:00:00.000000 rule 7/0(match): pass out on em0: 192.168.1.4.25334 > 192.168.1.1.53: 18844+[|domain]
 00:00:00.049750 rule 7/0(match): pass out on em0: 192.168.1.4.48855 > 192.168.1.1.53: 59873+[|domain]
 00:00:00.049459 rule 9/0(match): pass out on em0: 192.168.1.4.123 > 209.94.190.139.123: NTPv4, Client, length 48
 00:00:00.887723 rule 9/0(match): pass out on em0: 192.168.1.4.123 > 64.6.144.6.123: NTPv4, Client, length 48
 00:00:29.345987 rule 7/0(match): pass out on em0: 192.168.1.4.51718 > 192.168.1.1.53: 49030+[|domain]
 00:00:00.442261 rule 7/0(match): pass out on em0: 192.168.1.4.12228 > 192.168.1.1.53: 15101+[|domain]
 00:00:00.105498 rule 7/0(match): pass out on em0: 192.168.1.4.31652 > 192.168.1.1.53: 56618+[|domain]
 00:00:00.136933 rule 3/0(match): pass out on em0: 2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.60802 > 2610:1c1:1:606c::50:1.80: [|tcp]
 00:00:34.523685 rule 9/0(match): pass out on em0: 192.168.1.4.123 > 74.6.168.73.123: NTPv4, Client, length 48
 00:00:00.526029 rule 3/0(match): pass out on em0: 192.168.1.4.12913 > 96.47.72.71.80: Flags [S], seq 1540288966, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS[|tcp]>
 00:00:00.075191 rule 7/0(match): pass out on em0: 192.168.1.4.11403 > 192.168.1.1.53: 30468+[|domain]
 00:00:00.000800 rule 7/0(match): pass out on em0: 192.168.1.4.27145 > 192.168.1.1.53: 3978+[|domain]
 00:00:00.000739 rule 3/0(match): pass out on em0: 2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.64864 > 2610:1c1:1:606c::50:1.80: [|tcp]
 00:00:18.977520 rule 3/0(match): pass out on em0: 192.168.1.4.58497 > 96.47.72.71.80: Flags [S], seq 2776579475, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS[|tcp]>
 00:00:00.082616 rule 7/0(match): pass out on em0: 192.168.1.4.15248 > 192.168.1.1.53: 2366+[|domain]
 00:00:00.000531 rule 7/0(match): pass out on em0: 192.168.1.4.65475 > 192.168.1.1.53: 41713+[|domain]
 00:00:00.000772 rule 3/0(match): pass out on em0: 2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.55684 > 2610:1c1:1:606c::50:1.80: [|tcp]
 00:00:18.883826 rule 3/0(match): pass out on em0: 192.168.1.4.25039 > 96.47.72.71.80: Flags [S], seq 222404333, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS[|tcp]>
$ 

I have no idea how to interpret this.  Any help would be appreciated.

On Wed, May 27, 2020, at 17:24, Doug Hardie wrote:
> > On 27 May 2020, at 14:16, Donald Mickunas <dmickunas1...@fastmail.com> 
> > wrote:
> > 
> > Thank you for your suggestion, Cristian.
> > 
> > I have implemented your suggestion with unexpected results.  Note: I did 
> > reboot the system after I changed rc.conf.
> > 
> > $ cat /etc/pf.conf
> > set skip on lo0
> > block all
> > pass in proto tcp to port { 22 }
> > pass out proto { tcp udp } to port { 22 53 80 123 443 }
> > pass out inet proto icmp icmp-type { echoreq }
> > 
> > $ sudo tcpdump -n -e -ttt -r /var/log/pflog
> > reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> > $ 
> > 
> > no output.  Did I miss something?
> 
> You do not have any "log" commands in pf.conf.  Add a "log" after "in" 
> or "out" on each pass line.  Then pf will do the logging.
> 
> -- Doug
> 
> 
>
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

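An added example, not part of either message in this thread: a small Python parser for the text that `tcpdump -n -e -ttt -r /var/log/pflog` prints, which re-joins lines a mail client has wrapped and counts packets per pf rule number, action, direction and destination port. The function names are this example's own, and it assumes TCP/UDP records in the `address.port` form seen in this capture.

```python
import re
from collections import Counter

# Four records from the capture in this thread, hard-wrapped as mail clients tend to leave them.
SAMPLE = """\
 00:00:00.000000 rule 7/0(match): pass out on em0: 192.168.1.4.25334 >
192.168.1.1.53: 18844+[|domain]
 00:00:00.136933 rule 3/0(match): pass out on em0:
2600:6c5c:6000:32a0:1a03:73ff:fe3a:d596.60802 > 2610:1c1:1:606c::50:1.80: [|tcp]
 00:00:00.526029 rule 3/0(match): pass out on em0: 192.168.1.4.12913 >
96.47.72.71.80: Flags [S], seq 1540288966, win 65535, options [mss
1460,nop,wscale 6,sackOK,TS[|tcp]>
 00:00:00.075191 rule 7/0(match): pass out on em0: 192.168.1.4.11403 >
192.168.1.1.53: 30468+[|domain]
"""

START = re.compile(r"\d\d:\d\d:\d\d\.\d{6} rule ")
RECORD = re.compile(
    r"(?P<delta>\S+) rule (?P<rule>\d+)/\d+\((?P<reason>[\w-]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)")

def unwrap(text):
    """Re-join mail-wrapped records; a new record starts with a -ttt delta."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(text):
    """One dict per record that matches RECORD; anything else is skipped."""
    out = []
    for m in filter(None, map(RECORD.fullmatch, unwrap(text))):
        d = m.groupdict()
        # With -n, TCP/UDP endpoints print as address.port for IPv4 and IPv6 alike.
        d["dst_host"], _, d["dst_port"] = d["dst"].rpartition(".")
        out.append(d)
    return out

def by_rule(records):
    """Count records per (rule number, action, direction, destination port)."""
    return Counter((int(r["rule"]), r["action"], r["dir"], r["dst_port"]) for r in records)

if __name__ == "__main__":
    for key, n in sorted(by_rule(parse(SAMPLE)).items()):
        print(*key, n)
```

The rule number in each record is the number pf gave the matching rule in the loaded ruleset; `pfctl -vvsr` lists the rules with an `@N` prefix, so the counts can be read against it.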