pf & tcpdump
Stephane D'Alu
sdalu at sdalu.com
Fri Nov 13 14:04:47 UTC 2009
On 13/11/2009 14:27, Ian Smith wrote:
> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
> > On 13/11/2009 13:08, Ian Smith wrote:
> > > [...]
> > > tcpdump sees packets before they're passed to the firewall coming in,
> > > and after the firewall going out. Lack of response to inbound packets
> > > that the firewall is supposed to block is usually a good sign ..
> > >
> > > Easiest way to see firewall rules are working is to add logging to them.
> > >
> >
> > So if I understand correctly, there is no way in tcpdump to only select the
> > packets "going out after the firewall"
>
I wrongly interpreted the last part of your answer as "packets going out
of the firewall processing" instead of "packets going out of the interface".
So now I understand, adding logging to the firewall is the only option left.
Sincerely,
--
Stephane
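
The logging approach the thread settles on, as an added example that is not part of the original message: with pf's `log` keyword on the rules of interest, matched packets appear on the `pflog0` interface, and each line printed by `tcpdump -n -e -i pflog0` carries the rule number, the action and the direction. The sample lines below are constructed in that format, and the helper names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format `tcpdump -n -e -i pflog0` prints
# for packets matched by pf rules that carry the `log` keyword.
SAMPLE = """\
14:02:11.120001 rule 2/0(match): block in on em0: 203.0.113.7.40122 > 192.0.2.10.23: Flags [S], seq 1, win 65535, length 0
14:02:11.450310 rule 5/0(match): pass in on em0: 203.0.113.7.40123 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
14:02:12.000977 rule 7/0(match): pass out on em0: 192.0.2.10.51515 > 198.51.100.53.53: 4242+ A? example.org. (29)
14:02:13.731200 rule 2/0(match): block in on em0: 203.0.113.9.5060 > 192.0.2.10.5060: SIP, length: 401
"""

# timestamp, "rule <nr>/<subrule>(<reason>):", action, direction, interface, packet
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>[^/]+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^:]+): (?P<packet>.*)$"
)

def parse(line):
    """Return the pf verdict fields of one pflog line, or None if it does not match."""
    m = PFLOG_RE.match(line.strip())
    return m.groupdict() if m else None

def select(text, action=None, direction=None):
    """Keep only logged packets with the given pf action and/or direction."""
    out = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # continuation lines or anything that is not a pflog header
        if action and rec["action"] != action:
            continue
        if direction and rec["dir"] != direction:
            continue
        out.append(rec)
    return out

def tally(text):
    """Count logged packets per (action, direction, rule number)."""
    return Counter((r["action"], r["dir"], r["rule"]) for r in select(text))

if __name__ == "__main__":
    # Packets the firewall let out: the selection plain tcpdump on em0 cannot make.
    for rec in select(SAMPLE, action="pass", direction="out"):
        print(rec["ts"], "rule", rec["rule"], rec["iface"], rec["packet"])
    print(dict(tally(SAMPLE)))
```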
More information about the freebsd-net mailing list