pflog and reason
mike tancsa
mike at sentex.net
Thu Mar 11 19:17:32 UTC 2021
I am trying to track down the IPs that are hitting my src limits, but I
don't see them logged. According to
https://www.freebsd.org/cgi/man.cgi?query=pflogd&sektion=8
I should be able to see the reason something got blocked
e.g. if I have something like
pass in log on $outside_nic proto tcp from any to $http_server port 80 keep state (max 25 max-src-conn-rate 2/60)
How would I find the IP that is tripping up the max state rule or
max-src-conn-rate?
Looking at
pfctl -sinfo -v
Limit Counters
max states per rule 293319 0.2/s
max-src-states 0 0.0/s
max-src-nodes 0 0.0/s
max-src-conn 0 0.0/s
max-src-conn-rate 10273 0.0/s
overload table insertion 0 0.0/s
overload flush states 0 0.0/s
The counters are increasing, but I never see it in pflog
tcpdump -tttt -nei pflog0 -s0 reason state-limit or reason src-limit
---Mike
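When tcpdump is run with -e on pflog0, as in the command above, it prints the pflog header ("rule N/M(reason): action dir on iface:") in front of each packet, so the reason is available on every logged line. As an added example that is not part of the original post, the following shell script tallies the source addresses whose packets were logged with reason state-limit or src-limit. The pflog lines it reads are constructed sample data in tcpdump's pflog output format, not a real capture; the interface name and addresses are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): tally source addresses that
# pflog recorded with a state-limit or src-limit reason. Input is tcpdump
# output as produced by "tcpdump -tttt -nei pflog0 ..."; the -e flag is what
# makes tcpdump print the "rule N/M(reason): ..." pflog header.

# Constructed sample lines (placeholder interface and documentation-range
# addresses, not a real capture).
SAMPLE='2021-03-11 14:02:11.123456 rule 7/0(src-limit): pass in on em0: 203.0.113.5.51122 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
2021-03-11 14:02:12.223456 rule 7/0(state-limit): pass in on em0: 198.51.100.8.40001 > 192.0.2.10.80: Flags [S], seq 2, win 65535, length 0
2021-03-11 14:02:13.323456 rule 7/0(match): pass in on em0: 198.51.100.9.40002 > 192.0.2.10.80: Flags [S], seq 3, win 65535, length 0
2021-03-11 14:02:14.423456 rule 7/0(src-limit): pass in on em0: 203.0.113.5.51123 > 192.0.2.10.80: Flags [S], seq 4, win 65535, length 0'

# Read pflog lines on stdin; print "count source reason", most frequent first.
limit_offenders() {
  awk '
    {
      reason = ""; src = ""
      for (i = 1; i < NF; i++) {
        # Field "7/0(src-limit):" carries the reason in parentheses.
        if ($i ~ /^[0-9]+\/[0-9]+\([a-z-]+\):$/) {
          reason = $i
          sub(/^[^(]*\(/, "", reason)
          sub(/\):$/, "", reason)
        }
        # "... on em0: 203.0.113.5.51122 > ..." : the field two after "on"
        # is the source address with its port appended; strip the port.
        if ($i == "on" && i + 2 <= NF) {
          src = $(i + 2)
          sub(/\.[0-9]+$/, "", src)
        }
      }
      if (src != "" && (reason == "state-limit" || reason == "src-limit"))
        count[src " " reason]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Run on the constructed sample; on a firewall, pipe live tcpdump output instead.
printf '%s\n' "$SAMPLE" | limit_offenders
```

On a live system the same function can be fed with `tcpdump -tttt -nei pflog0 -s0 reason state-limit or reason src-limit`, so the filter already drops the "match" lines before awk sees them. Independently of pflog, giving the rule an `overload <table>` clause alongside max-src-conn-rate makes pf insert the offending source into that table, which `pfctl -t <table> -T show` then lists; the "overload table insertion" counter quoted above is the one that increments on each such insertion.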