displaying rule labels in pf logs
snowcrash
schneecrash+pf at gmail.com
Fri Apr 20 00:03:38 UTC 2007
hi,
i typically tail my pf-log with "tcpdump -vvttttnei pflog0".
this, of course, displays the matched "rule #", e.g.,
2007-04-18 13:07:11.363065 rule 40/0(match): pass in on tun0: (tos 0x0, ttl 54, id 10, offset 0, flags [DF], proto: UDP (17), length: 70) 144.160.112.22.37572 > 192.168.1.53.53: 62723[|domain]
is there any way to instead/additionally display a rule's "label" in
the live log?
there's a patch to do this here
(http://lists.freebsd.org/pipermail/freebsd-pf/2006-June/002278.html),
but, iiuc, that requires me to patch-&-rebuild both tcpdump & my
kernel ...
is there an existing 'native' option to do so already 'in' pf+tcpdump?
thanks.