pflogd not logging certain rules

Max Laier max at love2party.net
Tue Nov 6 19:22:53 PST 2007


On Wednesday 07 November 2007, syle ishere wrote:
> pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 }
> flags S/SA keep state \(max-src-conn 5, max-src-conn-rate 5/60,
> overload <bad> flush global)
>
> I use the "pass in LOG" here and it does not log at all.
> I go connect to port 21 or 22 and watch logs and nothing.
> My other logging rules do work for things like:
> pass in log proto tcp from any to $ext_if port 25 keep state
>
> So i know the logging actually does work, but the first line does not,
> any ideas?

Are you sure the rule is even hit?  Check with "pfctl -vvvsr" and look at 
the match/packets/bytes counters.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20071107/c56eb038/attachment.pgp


More information about the freebsd-pf mailing list