Hi,

These days I was doing that, debugging the firewall. I do this: I put log in each rule I want to debug, then I run pfctl -f /etc/pf.conf, then pfctl -s rules > /home/david/rules.txt, then tcpdump -n -e -ttt -i pflog0 <filter option>. You can look in the PF pdf for all the filter options. Now try each rule and you will see what happened in the tcpdump output.

Good luck,
David

2005/12/22, Peter N. M. Hansteen <[EMAIL PROTECTED]>:
>
> Joachim Schipper <[EMAIL PROTECTED]> writes:
>
> > I like to macro pretty much every variable that is used in more than one
> > place (i.e., hostnames, ports, etc; hostnames are especially likely to
> > be re-re-re-...-used).
>
> That is very good advice. I tend to advocate that myself.
>
> > If you choose good names, it can make stuff easier to understand; and
> > typos tend to be far more disastrous (either giving syntax errors or
> > breaking a large part of the configuration), which is a good thing as
> > you can then fix it immediately.
>
> This also is very true. There is no silver bullet, but keeping your rule
> set readable will help prevent a lot of headaches.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://www.blug.linux.no/rfc1149/ http://www.datadok.no/
> http://www.nuug.no/
> "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
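
The last step of the procedure in the message at the top of this thread (matching tcpdump output from pflog0 against the saved rules file), as an added example that is not part of the original posts. It counts hits per rule number and also lists logged rules that never matched. Assumptions: the function names are hypothetical, the sample rules and log lines are constructed, and a rule number in the log is taken to be the 0-based line position in the saved `pfctl -s rules` output, which holds for a main ruleset without anchors.

```shell
#!/bin/sh
# Constructed sample: what "pfctl -s rules > rules.txt" might have saved.
sample_rules() {
cat <<'EOF'
block drop in log all
pass in log on fxp0 inet proto tcp from any to any port = ssh keep state
pass out log on fxp0 all keep state
pass in on fxp0 inet proto icmp all
EOF
}

# Constructed sample: text output of tcpdump on pflog0. The header layout
# differs between tcpdump versions; only the "rule N" field is used here.
sample_log() {
cat <<'EOF'
Dec 22 10:15:01.101010 rule 0/(match) block in on fxp0: 192.0.2.10.40211 > 198.51.100.5.23: S 1:1(0) win 16384
Dec 22 10:15:03.202020 rule 1/(match) pass in on fxp0: 192.0.2.10.40212 > 198.51.100.5.22: S 5:5(0) win 16384
000123 rule 0/0(match): block in on fxp0: 192.0.2.77.1025 > 198.51.100.5.445: S 9:9(0) win 65535
EOF
}

# summarize_pflog RULES_FILE < tcpdump-output
# Prints "rule-number<TAB>hits<TAB>rule text", sorted by rule number.
summarize_pflog() {
    awk -v rules="$1" '
        # Load the saved rules; assumption: line position = rule number, from 0.
        BEGIN { n = 0; while ((getline line < rules) > 0) rule[n++] = line }
        match($0, /rule [0-9]+/) {
            num = substr($0, RSTART + 5, RLENGTH - 5)
            hits[num]++
        }
        END {
            # Rules that matched, plus rules with "log" that saw no traffic.
            for (i = 0; i < n; i++)
                if ((i in hits) || rule[i] ~ /(^| )log( |$)/)
                    printf "%d\t%d\t%s\n", i, hits[i], rule[i]
            # Numbers beyond the file: rules.txt is older than the loaded set.
            for (k in hits)
                if (k + 0 >= n)
                    printf "%d\t%d\t%s\n", k, hits[k], "(not in saved rules file)"
        }
    ' | sort -n
}

# Demo on the constructed samples.
rules_tmp=$(mktemp) && sample_rules > "$rules_tmp"
sample_log | summarize_pflog "$rules_tmp"
rm -f "$rules_tmp"
```

On a live system the input would be piped from `tcpdump -n -e -ttt -i pflog0` (with `-l` for line buffering) and the first argument would be the file written by `pfctl -s rules`.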