pf & tcpdump

Nikolay Denev ndenev at gmail.com
Fri Nov 13 14:15:10 UTC 2009


On Nov 13, 2009, at 2:51 PM, Stephane D'Alu wrote:

> On 13/11/2009 13:08, Ian Smith wrote:
>> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
>>  >  Is there a way to have tcpdump only showing packets that have passed the
>>  >  filtering rules, so to check that firewall rules were correctly written and
>>  >  not letting unwanted packets in.
>> 
>> tcpdump sees packets before they're passed to the firewall coming in,
>> and after the firewall going out.  Lack of response to inbound packets
>> that the firewall is supposed to block is usually a good sign ..
>> 
>> Easiest way to see firewall rules are working is to add logging to them.
>> 
> 
> So if I understand correctly, there is no way in tcpdump to only select the packets "going out after the firewall"
> 
> thanks
> 
> -- 
> Stephane
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"


You can add logging to the rules as already suggested and then sniff with tcpdump on the pflog(4) device.

Regards,
Niki Denev
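
The suggestion above (log on the rules, then read pflog(4) with tcpdump), as an added example that is not part of the original message. The interface `em0`, port 22, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; interface, port and sample lines below are assumptions.
# pf only copies a packet to pflog0 when the matching rule carries "log":
#   block in log on em0 all
#   pass  in log on em0 proto tcp to port 22

# Live view of what pf passed (needs root and a loaded pflog(4)).
# "action pass" is a pcap filter primitive that applies to pf log records.
watch_passed() {
    tcpdump -n -e -ttt -i pflog0 action pass
}

# Read "tcpdump -n -e -i pflog0" text on stdin and print one line per
# (action, direction, interface, rule number) with its packet count.
summarize_pflog() {
    awk '
    {
        rule = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "rule" && i < NF) { split($(i + 1), r, "/"); rule = r[1] }
            if (($i == "pass" || $i == "block") && $(i + 2) == "on") {
                ifn = $(i + 3); sub(/:$/, "", ifn)
                n[$i " " $(i + 1) " " ifn " rule " rule]++
                break
            }
        }
    }
    END { for (k in n) print n[k], k }' | sort
}

# Constructed sample output (documentation addresses), not a real capture.
sample_lines() {
    cat <<'EOF'
00:00:00.000000 rule 0/0(match): block in on em0: 198.51.100.7.40112 > 192.0.2.10.23: Flags [S], seq 1, win 65535, length 0
00:00:01.200000 rule 1/0(match): pass in on em0: 198.51.100.7.40113 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
00:00:00.300000 rule 1/0(match): pass in on em0: 203.0.113.5.51000 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
EOF
}
```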


