pf & tcpdump
Stephane D'Alu
sdalu at sdalu.com
Fri Nov 13 12:51:04 UTC 2009
On 13/11/2009 13:08, Ian Smith wrote:
> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
> > Is there a way to have tcpdump only showing packed that have pass the
> > filtering rules, so to check that firewall rules were correctly written and
> > not letting unwanted packets in.
>
> tcpdump sees packets before they're passed to the firewall coming in,
> and after the firewall going out. Lack of response to inbound packets
> that the firewall is supposed to block is usually a good sign ..
>
> Easiest way to see firewall rules are working is to add logging to them.
>
So if I understand correctly, there is no way in tcpdump to only select
the packets "going out after the firewall"
thanks
--
Stephane
More information about the freebsd-net
mailing list