selective logging of what pf is rejecting?
bob self
bobself at charter.net
Fri Sep 9 11:52:30 PDT 2005
My pf.conf file looks something like this:
block in all
block out all
pass quick on lo0 keep state
antispoof for $ext_if
pass in on $ext_if from <goodguys> to any keep state
pass in log on $ext_if proto tcp from any to $ext_if port 80 flags S/SA keep state label "www" # apache
block in on $ext_if from <badguys> to any
pass out on $ext_if proto tcp from any to any flags S/SA keep state # allow any tcp setup out
pass out on $ext_if proto udp all keep state # allow any udp out
pass on $ext_if inet proto icmp all icmp-type 8 code 0 keep state # allow echo request in or out, (man pf.conf:1618)
Is there a way I can turn on (temporarily) logging of what pf is not
allowing to come in? Also, is there a real-time tool that
will let you watch what pf is blocking from coming in?
How could you just log what pf allows to get through?
thanks,
Bob Self
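An added example, not part of Bob's post, showing the ruleset above with "log" placed on the rules whose matches are of interest, plus the pflog commands used to watch it; the interface name em0 is assumed, everything else follows the post.

```pf
ext_if = "em0"                    # assumed; the post does not name the interface
table <goodguys> persist
table <badguys> persist

# pf logs a packet according to the LAST rule that matches it, so "log" on the
# catch-all blocks records only traffic that no later pass rule accepted.
# Only the packet that creates a state is evaluated (and logged); the rest of
# the connection bypasses the ruleset.
block in log all
block out log all

pass quick on lo0 keep state
antispoof log for $ext_if          # spoofed packets are dropped by antispoof's own rules; log them too

pass in on $ext_if from <goodguys> to any keep state

# "log" on a pass rule records what pf let through (here, new connections to Apache).
pass in log on $ext_if proto tcp from any to $ext_if port 80 flags S/SA keep state label "www"

# Explicit drop of known bad sources, logged so it can be told apart from the default deny
block in log on $ext_if from <badguys> to any

pass out on $ext_if proto tcp from any to any flags S/SA keep state
pass out on $ext_if proto udp all keep state
pass on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

# Load it, and later revert the same way to switch logging off again:
#   pfctl -f /etc/pf.conf
# Watch in real time; pflogd(8) must be running so the pflog0 interface exists:
#   tcpdump -n -e -ttt -i pflog0
# Only rejected packets, or only accepted ones:
#   tcpdump -n -e -ttt -i pflog0 action block
#   tcpdump -n -e -ttt -i pflog0 action pass
# What pflogd has already written to disk:
#   tcpdump -n -e -ttt -r /var/log/pflog
# Per-rule and per-label hit counters, with no logging at all:
#   pfctl -s rules -v
#   pfctl -s labels
```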