On 07Jul2021 10:59, Pierre Dupond <76nem...@gmx.ch> wrote:
> I am setting up a firewall with PF. The strategy used is quite
> common:
> set block-policy return
> set loginterface none
> set skip on lo0
> match in all scrub (random-id reassemble tcp)
> block log
I think this sets _both_ block and log as the packet acceptance state. _Not_ "log if I block", i.e. a pass rule will still log.

Try putting just "block" here, and annotating only the rules you want to log with "log".

I was going to suggest a final "block log", but that will only work if all your pass rules have "quick", preventing further rules from applying.

Cheers,
Cameron Simpson <c...@cskk.id.au>
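A worked pf.conf along the lines discussed in the thread, added here as an illustration; it is not taken from either message. The external interface name em0 and the services offered (SSH and HTTPS) are assumptions. Both variants depend on PF's evaluation order: without "quick", the last matching rule decides the verdict and whether the packet is logged; a rule carrying "quick" stops evaluation at that rule.

```pf
# Example pf.conf (added illustration; em0 and the services are assumptions).
ext_if = "em0"

set block-policy return
set loginterface none
set skip on lo0
match in all scrub (random-id reassemble tcp)

# Variant A: unlogged default deny. Only rules that carry "log"
# produce pflog entries, so attach "log" where you want visibility.
block all

# Unlogged pass rules: matched traffic is admitted and not logged.
pass out on $ext_if proto { tcp udp } from ($ext_if) to any
pass in on $ext_if proto tcp from any to ($ext_if) port 443

# Logged pass rule: SSH sessions are admitted and written to pflog0.
pass in log on $ext_if proto tcp from any to ($ext_if) port 22

# Variant B (alternative to the "block all" above): a final "block log"
# catch-all. With "quick" on every pass rule, a packet that matches one
# of them is decided there and never reaches the catch-all; anything
# that falls through is blocked and logged.
# pass out quick on $ext_if proto { tcp udp } from ($ext_if) to any
# pass in quick on $ext_if proto tcp from any to ($ext_if) port { 22 443 }
# block log all
```

Syntax-check with `pfctl -nf /etc/pf.conf`, load with `pfctl -f /etc/pf.conf`, and watch what the "log" keyword actually emits with `tcpdump -n -e -ttt -i pflog0`.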