Interpreting Logs
Doug Hardie
bc979 at lafn.org
Mon Jul 12 06:20:49 UTC 2010
I am trying to understand what pf is trying to tell me. It's generating those messages for a reason. The volume of them depends on how many rules have log in them and how often they are invoked.
On 11 July 2010, at 23:12, Remko Lodder wrote:
>
>
>>> I believe I used pfctl -x m although it might have been u.
>
>> From the manual page it seems you did the 'm':
>
> -x urgent Generate debug messages only for serious errors.
> -x misc Generate debug messages for various errors.
>
> That generates messages for various types of problems normally not
> instantly seen. Are you using that flag to detect traffic that is giving
> you problems of any kind?
>
> If you are not using that, I'd suggest that you turn it off. The internet
> is a noisy place, and I am pretty sure that if I enable it the same way
> you do, I will get overloaded by logs as well.
>
> Applications are not always conformant to the RFCs, which might cause
> bogus packets, or information gets lost in transit, causing misbehaviour.
> I think the firewall is just telling you: Hey we have everything under
> control; we just refused a bogus packet, no worries!
>
> I'd be more worried if the output remains silent :)
>
> Thanks,
> Remko
>
> --
> /"\ Best regards, | remko at FreeBSD.org
> \ / Remko Lodder | remko at EFnet
> X http://www.evilcoder.org/ |
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
>
>
More information about the freebsd-pf mailing list