Why this rule doesn't score a match?

Ivan Petrushev ivanatora at gmail.com
Thu Jul 24 12:57:54 UTC 2008


Hello Thomas,
I'm receiving an error:
# ifconfig plog1 create
ifconfig: SIOCIFCREATE2: Invalid argument

and I can't see anything in 'man ifconfig' related to the pflog device.


Regards, Ivan

On Wed, Jul 23, 2008 at 11:57 PM, Thomas Rasmussen <thomas at gibfest.dk> wrote:
> Ivan Petrushev wrote:
>>
>> Hi Jon,
>> Aaahhh, I see now - these FROM rules must be TO rules :D
>> Thank you both for your replies.
>>
>> I'm going to monitor the outbound connections as well, but I think I
>> will be OK then. This was the little stone in the shoe.
>> I've already managed to let ICMP through that 'block all' ;)
>>
>> Btw, I like the way pflog is working - deploying tcpdump on pflog0 and
>> track down the logged packets. Is there a way to create another pflog
>> device and use it for some different rules? I've seen there is an
>> option to the 'log' keyword - (to pflogX), but I didn't manage to
>> find out how to create more pflog devices.
>>
>> Regards,
>> Ivan.
>>
>
> Hello,
>
> To create another pflog interface do:
> ifconfig pflog1 create
>
> And to create it at boot time add:
> cloned_interfaces="pflog1"
> to /etc/rc.conf
>
> Regards
>
> Thomas

