pf logging differences
Eric
heli at mikestammer.com
Tue Mar 20 14:06:54 UTC 2007
Volker wrote:
> On 12/23/-58 20:59, Eric wrote:
>> in this case, pf logging looks like this:
>>
>>
>> Why is the first host producing more detailed logs? Why isn't pf showing
>> the port that was blocked or anything else like it does in the first
>> host? Is there a way to make the ng0 interface log more or is this due
>> to the netgraph hooks into pf?
>
> ICMP packets do NOT have any port numbers. The example you've shown
> had 3 ICMP packets being blocked.
>
> On the other side, I'm always using `tcpdump -nettttvvi ...' (the
> -vv parameter gives more output but might annoy you for SMB /
> netbios traffic).
>
>
> HTH,
>
> Volker
It does. I picked some bad examples there. The issue was not having IPv6
on the second machine and as such it was using a smaller value for the
capture size (64 vs 96 I believe). Using -s 100 fixed it and things look
as expected.
Eric
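
An added example, not part of the original thread: a saved capture records the capture size (snaplen) in its file header, and every packet record stores both the captured and the original length, so the truncation Eric describes can be checked offline. The capture bytes below are constructed, and the function names are hypothetical.

```python
import struct

# Classic pcap magic, as seen when the header is read little-endian.
MAGIC_NATIVE = 0xA1B2C3D4
MAGIC_SWAPPED = 0xD4C3B2A1


def build_sample_pcap(snaplen, packet_lengths):
    """Constructed capture: zero-filled packets cut off at snaplen."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype.
    out = struct.pack("<IHHiIII", MAGIC_NATIVE, 2, 4, 0, 0, snaplen, 117)
    for i, orig_len in enumerate(packet_lengths):
        incl_len = min(orig_len, snaplen)
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", i, 0, incl_len, orig_len)
        out += bytes(incl_len)
    return out


def truncation_report(data):
    """Return (snaplen, packet_count, truncated) for a classic pcap file.

    truncated lists (index, captured_len, original_len) for every packet
    whose stored bytes are shorter than the packet was on the wire.
    """
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MAGIC_NATIVE:
        endian = "<"
    elif magic == MAGIC_SWAPPED:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", data, 16)[0]
    offset, count, truncated = 24, 0, []
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("packet record runs past end of file")
        if incl_len < orig_len:
            truncated.append((count, incl_len, orig_len))
        count += 1
        offset += incl_len
    return snaplen, count, truncated
```
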