Interpreting Logs

Remko Lodder remko at elvandar.org
Mon Jul 12 06:12:47 UTC 2010



>> I believe I used pfctl -x m although it might have been u.

From the manual page it seems you did the 'm':

       -x urgent     Generate debug messages only for serious errors.
       -x misc       Generate debug messages for various errors.

That generates messages for various types of problems normally not
instantly seen. Are you using that flag to detect traffic that is giving
you problems of any kind?

If you are not using that, I'd suggest that you turn it off. The internet
is a noisy place, and I am pretty sure that if I enable it the same way
you do, I will get overloaded by logs as well.

Applications are not always conformant to the RFCs, which might cause
bogus packets, or information gets lost in transit, causing misbehaviour.
I think the firewall is just telling you: Hey, we have everything under
control; we just refused a bogus packet, no worries!

I'd be more worried if the output remains silent :)

Thanks,
Remko

-- 
/"\   Best regards,                      | remko at FreeBSD.org
\ /   Remko Lodder                       | remko at EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News


