Hi everyone,
Viewing my pf logs with
tcpdump -nettt -i pflog0
there are lines with no rule numbers,
just "rule def" on the line instead.
I've tried googling without success.
I need to know if they are wolf, sheep or misconfigurations causing them,
and against which rule I match them up.
The following is a snippet showing the rules.
Thanks, shadrock
Dec 27 03:00:40.557716 rule 7/(match) block in on em0: 192.168.1.1 > 224.0.0.1:
igmp query [tos 0xc0] [ttl 1]
Dec 27 03:00:59.495834 rule 35/(match) block in on pppoe0: 167.248.133.160.60037
> 88.97.5.79.12473: S 904362479:904362479(0) win 1024
<mss 1460>
Dec 27 03:00:59.813362 rule def/(match) pass in on pppoe0: 198.252.206.25.443
> 10.2.1.79.13522: P 3251931305:3251931366(61) ack 27080
26055 win 63 <nop,nop,timestamp 1163664932 380011418>
Dec 27 03:00:59.820893 rule def/(match) pass out on pppoe0: 88.97.5.79.14256 >
198.252.206.25.443: P 4273536371:4273536410(39) ack 334
5204755 win 256 <nop,nop,timestamp 380012019 1163664932> (DF)
Dec 27 03:00:59.823015 rule def/(match) pass out on pppoe0: 88.97.5.79.14256 >
198.252.206.25.443: P 39:78(39) ack 1 win 256 <nop,nop,
timestamp 380012019 1163664932> (DF)
Dec 27 03:00:59.825388 rule def/(match) pass out on pppoe0: 88.97.5.79.14256 >
198.252.206.25.443: P 78:117(39) ack 1 win 256 <nop,nop,timestamp 380012019
1163664932> (DF)
Dec 27 03:00:59.900318 rule def/(match) pass in on pppoe0: 198.252.206.25.443 >
10.2.1.79.13522: . ack 40 win 63 <nop,nop,timestamp 1163665020 380012019>
Dec 27 03:00:59.902502 rule def/(match) pass in on pppoe0: 198.252.206.25.443 >
10.2.1.79.13522: . ack 79 win 63 <nop,nop,timestamp 1163665022 380012019>
Dec 27 03:00:59.904998 rule def/(match) pass in on pppoe0: 198.252.206.25.443 >
10.2.1.79.13522: . ack 118 win 63 <nop,nop,timestamp 1163665024 380012019>
Dec 27 03:01:03.661072 rule 35/(match) block in on pppoe0: 45.64.84.24.27789 >
88.97.5.79.23: S 1482753359:1482753359(0) win 30613 <mss 1440>
Dec 27 03:01:11.480942 rule 35/(match) block in on pppoe0: 205.185.127.238.40598 >
88.97.5.79.60001: S 1843251311:1843251311(0) win 65535 <mss 536>
Dec 27 03:01:11.935746 rule 7/(match) block in on bge0: 0.0.0.0 > 224.0.0.1:
igmp query [len 12] [tos 0xc0] [ttl 1]
Dec 27 03:01:25.422772 rule 38/(match) pass in on pppoe0: 145.131.132.84.443 >
10.2.1.79.42434: P 5666:5697(31) ack 1264 win 244 <nop,nop,timestamp 3399431690
2022623608>
Dec 27 03:01:25.422795 rule 38/(match) pass in on pppoe0: 145.131.132.84.443 >
10.2.1.79.42434: F 5697:5697(0) ack 1264 win 244 <nop,nop,timestamp 3399431690
2022623608>
Dec 27 03:01:25.424055 rule 38/(match) pass out on pppoe0: 88.97.5.79.8748 >
145.131.132.84.443: . ack 5698 win 255 <nop,nop,timestamp 2022623738 3399431690>
(DF)
Dec 27 03:01:28.600657 rule 37/(match) pass in on pppoe0: 93.184.220.29.80 >
10.2.1.79.12939: . ack 481 win 131 <nop,nop,timestamp 235524325 2023628235>
Dec 27 03:01:28.601419 rule 37/(match) pass out on pppoe0: 88.97.5.79.31263 >
93.184.220.29.80: . ack 575 win 256 <nop,nop,timestamp 2023628357 235524325> (DF)