My 'tcpdump -n -e -i pflog0' generates lines like these:
11:22:12.538707 rule 267/(match) block in on em0: 172.16.2.97.32790 > 225.4.5.6.6001: udp 341 [ttl 1]
I am now trying to find out what 'rule 267' should be and found posts
regarding 'pfctl -s rules'. My problem is that rule number 267 has
absolutely nothing to do with the line logged above.
pfctl -s rules | sed -e '1,266d' -e '268,$d':
pass out log quick inet proto tcp from 172.16.2.178 port >= 1023 to <id431E1F62.2> port = 4899 keep state label "[RULE:18 - IF:global - ACTION:ACCEPT]"
I couldn't find any detailed information about how pflog numbers the
rules. Could anyone point me there?
Thanks!
--
Stephan A. Rickauer
----------------------------
Institut für Neuroinformatik
Universität / ETH Zürich
Winterthurerstrasse 190
CH-8057 Zürich
Tel: +41 44 635 30 50
Sek: +41 44 635 30 52
Fax: +41 44 635 30 53
http://www.ini.ethz.ch
----------------------------