Why this rule doesn't score a match?
Thomas Rasmussen
thomas at gibfest.dk
Wed Jul 23 21:22:03 UTC 2008
Ivan Petrushev wrote:
> Hi Jon,
> Aaahhh, I see now - these FROM rules must be TO rules :D
> Thank you both for your replies.
>
> I'm going to monitor the outbound connections as well, but I think I
> will be OK then. This was the little stone in the shoe.
> I've already managed to let ICMP through that 'block all' ;)
>
> Btw, I like the way pflog is working - deploying tcpdump on pflog0 and
> tracking down the logged packets. Is there a way to create another pflog
> device and use it for some different rules? I've seen there is an
> option to the 'log' keyword - (to pflogX), but I didn't manage to
> find out how to create more pflog devices.
>
> Regards,
> Ivan.
>
Hello,
To create another pflog interface do:

    ifconfig pflog1 create

And to create it at boot time add:

    cloned_interfaces="pflog1"

to /etc/rc.conf
Regards
Thomas
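
An added pf.conf fragment (not part of the original thread) showing how the 'log (to pflogX)' option mentioned in the question can split logging between two devices. It assumes pflog1 has been created as shown in the reply above; the interface macro and the port are hypothetical.

```pf
# /etc/pf.conf fragment, constructed for illustration

ext_if = "em0"      # hypothetical external interface name

# Default deny. A plain 'log' sends matching packets to pflog0.
block log all

# SSH is logged to the second device instead, so it can be
# captured and reviewed separately from the blocked traffic.
# Only the packet that creates the state is logged; use
# 'log (all, to pflog1)' to log every packet of the connection.
pass in log (to pflog1) on $ext_if proto tcp to port 22
```

Logged packets for that rule can then be read with tcpdump -n -e -ttt -i pflog1, the same way as on pflog0.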