I am trying to track down the IPs that are hitting my src limits, but I dont seem them logged. According to
https://www.freebsd.org/cgi/man.cgi?query=pflogd&sektion=8 I should be able to see the reason something got blocked e.g. if I have something like pass in log on $outside_nic proto tcp from any to $http_server port 80 keep state (max 25 max-src-conn-rate 2/60) How would I find the IP that is tripping up the max state rule or max-src-conn-rate ? Looking at pfctl -sinfo -v Limit Counters max states per rule 293319 0.2/s max-src-states 0 0.0/s max-src-nodes 0 0.0/s max-src-conn 0 0.0/s max-src-conn-rate 10273 0.0/s overload table insertion 0 0.0/s overload flush states 0 0.0/s The counters are increasing, but I never see it in pflog tcpdump -tttt -nei pflog0 -s0 reason state-limit or reason src-limit ---Mike _______________________________________________ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
