2009/11/20 Enio Marconcini <eni...@gmail.com>

> 2009/11/20 Amim <octopusillus...@gmail.com>
>
>> If you debug the rule, can you see whether any packets are actually going
>> out through it?
>>
>> I believe you have a pass without LOG before that rule and your packets
>> are going out through there.
>>
>> --
>> Amim
>>
>> 2009/11/20 Enio Marconcini <eni...@gmail.com>
>>
>>> 2009/11/20 Giancarlo Rubio <gianru...@gmail.com>
>>>
>>> > Try adding at the end of your rules
>>> > block log quick from any to any
>>> >
>>> > and change your initial rule from block log all to just block
>>> >
>>> > 2
>>> >
>>> > --
>>> > Giancarlo Rubio
>>> > -------------------------
>>> > Archive: http://www.fug.com.br/historico/html/freebsd/
>>> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>>>
>>> I did it that way, still nothing
>>>
>>> it only shows this
>>>
>>> tcpdump: WARNING: pflog0: no IPv4 address assigned
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
>>> 000000 rule 12/0(match): pass out on re1: [|ip]
>>> 000521 rule 44/0(match): block in on re1: [|ip]
>>> 2. 201811 rule 44/0(match): block in on re1: [|ip]
>>> 8. 363237 rule 44/0(match): block in on re1: [|ip]
>>> 000108 rule 44/0(match): block in on re1: [|ip]
>>> 000028 rule 44/0(match): block in on re1: [|ip]
>>> 000006 rule 44/0(match): block in on re1: [|ip]
>>> 30. 996715 rule 44/0(match): block in on re1: [|ip]
>>> 000009 rule 44/0(match): block in on re1: [|ip]
>>> 000021 rule 44/0(match): block in on re1: [|ip]
>>> 000019 rule 44/0(match): block in on re1: [|ip]
>>>
>>> --
>>> ENIO RODRIGO MARCONCINI
>>> gtalk: eni...@gmail.com
>>> skype: eniorm
>>> msn: /dev/null
>>>
>>> > FreeBSD -:- OpenBSD -:-
>>> > Cigarette Brand Collections
>>> < Obi-Wan has taught you well....
>>
>
> the flow exists, but tcpdump is apparently displaying the data not
> incorrectly, but with information missing
>
> 2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:19.567326 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:29.101700 rule 31/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:41.066787 rule 31/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:50.565130 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:50.565222 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:50.565241 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:50.565259 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]
> 2009-11-20 13:46:51.753013 rule 30/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:51.753765 rule 30/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:56.595686 rule 30/0(match): pass in on re1: [|ip]
>
> note that the block and pass records are there, as normal for my rules,
> but the lines do not show from where and to where (IP and port)

Ah, I forgot to mention: a tcpdump on the binary file /var/log/pflog shows everything normally, but not in real time, of course. I have already run a normal tcpdump directly on the pflog0 interface and it displayed the complete data.

I have already checked my kernel config; the PF options and devices are enabled normally, according to the handbook.

--
ENIO RODRIGO MARCONCINI