pflogd not logging certain rules

syle ishere syleishere at hotmail.com
Tue Nov 6 21:34:08 PST 2007


You're right, I had a rule up top, when I was testing from home, it passed me in and ignored all other rules,
which is exactly what I wanted. I tried from another IP on the internet and the rule did in fact log.
Sorry for wasting time with this post.
 
This is excellent software, I've spent about 2 days now completely learning it. I've read all the man pages,
and different examples on the internet.
 
Here are some of my suggestions to make it even better, or maybe you can suggest ways to do it:
2 points I have are:
a) tcp.established definable on a per rule basis (why I say this is a lot of times you want to have a global value for the established timeout state, but there are times that you'd like to say, not timeout your ssh session from home for a week/month period)
b) program interaction with a ruleset (I believe this one is what will make any firewall rule all the other ones, a way to execute a program if a ruleset returns TRUE.) Typical example, firewall matches one of your rules, rule returns true, executes a program where we can evaluate some conditions, passing variables such as IP and PORT, program then executes pfctl to add that IP to the table or anything else.
 
 
Dan.
 
> From: max at love2party.net
> To: freebsd-pf at freebsd.org
> Subject: Re: pflogd not logging certain rules
> Date: Wed, 7 Nov 2007 04:22:41 +0100
> CC: syleishere at hotmail.com
>
> On Wednesday 07 November 2007, syle ishere wrote:
> > pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 }
> > flags S/SA keep state \(max-src-conn 5, max-src-conn-rate 5/60,
> > overload <bad> flush global)
> >
> > I use the "pass in LOG" here and it does not log at all.
> > I go connect to port 21 or 22 and watch logs and nothing.
> > My other logging rules do work for things like:
> > pass in log proto tcp from any to $ext_if port 25 keep state
> >
> > So i know the logging actually does work, but the first line does not,
> > any ideas?
>
> Are you sure the rule is even hit? Check with "pfctl -vvvsr" and look at
> the match/packets/bytes counters.
>
> --
> /"\ Best regards, | mlaier at freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mlaier at EFnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
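Two practitioner notes on the suggestions above, followed by an added example that is not code from this thread or from pf itself. On (a), pf.conf(5) already accepts the timeout names as per-rule state options, so a rule such as `pass in proto tcp from $home to $ext_if port 22 keep state (tcp.established 604800)` keeps that one session's established timeout at a week while `set timeout tcp.established` stays global. On (b), pf has no "run a program when a rule matches" hook, but every rule with `log` writes the matching packet to pflog0, and the quoted rule's `overload <bad>` already fills a table; the same pieces (tcpdump on pflog0, a condition, `pfctl -t ... -T add`) give the "execute a program, evaluate conditions, add the IP to a table" flow. The script below does that. It assumes a table named `bad` (as in the quoted rule), an exempt address of 192.0.2.10 standing in for the poster's home IP, destination ports 21 and 22 as the ones to act on, and tcpdump's usual `A.B.C.D.port > E.F.G.H.port:` line notation; the sample log lines in its tests are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: a pflog watcher that implements the
# "rule matched -> run a program -> pfctl -t bad -T add IP" flow from
# suggestion (b) with tools pf already ships with. Table name, exempt list
# and port list are assumptions, overridable from the environment.

PF_TABLE="${PF_TABLE:-bad}"            # table the quoted rule already overloads into
WATCH_PORTS="${WATCH_PORTS:-21 22}"    # destination ports that count as probes
EXEMPT="${EXEMPT:-192.0.2.10}"         # never block these (e.g. the home IP), assumed

# src_of LINE: print "SRC_IP SRC_PORT DST_IP DST_PORT" parsed from one
# "tcpdump -n -e -l -i pflog0" line, or nothing if the line does not match.
# Relies on tcpdump's "A.B.C.D.port > E.F.G.H.port:" notation with -n.
src_of() {
  printf '%s\n' "$1" |
    sed -n 's/.*: \([0-9.]*\)\.\([0-9]*\) > \([0-9.]*\)\.\([0-9]*\):.*/\1 \2 \3 \4/p'
}

# should_block LINE: the "evaluate some conditions" step. Prints the source
# IP and returns 0 when the packet went to a watched port from a non-exempt
# address; returns 1 (prints nothing) otherwise.
should_block() {
  set -- $(src_of "$1")          # $1=src ip $2=src port $3=dst ip $4=dst port
  [ $# -eq 4 ] || return 1
  for e in $EXEMPT; do
    [ "$1" = "$e" ] && return 1
  done
  for p in $WATCH_PORTS; do
    if [ "$4" = "$p" ]; then
      printf '%s\n' "$1"
      return 0
    fi
  done
  return 1
}

# block_cmd IP: the pfctl invocation that adds IP to the table, as text,
# so it can be logged before it is run.
block_cmd() {
  printf 'pfctl -t %s -T add %s\n' "$PF_TABLE" "$1"
}

# watch_pflog: follow pflog0 and act on each logged packet. Needs root and
# a pflog0 interface; not run by the tests.
watch_pflog() {
  tcpdump -n -e -l -i pflog0 2>/dev/null | while IFS= read -r line; do
    if ip=$(should_block "$line"); then
      block_cmd "$ip" >&2                     # audit trail of what is run
      pfctl -t "$PF_TABLE" -T add "$ip"
    fi
  done
}

# Only start sniffing when invoked as "sh pflog-watch.sh run".
if [ "${1:-}" = "run" ]; then
  watch_pflog
fi
```

Because the IP only ever comes out of the sed pattern (digits and dots), nothing from the packet reaches pfctl unquoted; the condition in `should_block` is where a site would add its own logic (rate counting, an allow-list table lookup with `pfctl -t ... -T test`, and so on). Run it under a supervisor rather than from a shell, and pair it with `pfctl -vvvsr` as Max suggests to confirm the logging rule is actually being hit before blaming the watcher.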

