pf logging only no active filtering

Malte Graebner mg at maltedoc.de
Thu Jun 15 19:32:48 UTC 2017


Using the quick phrase has the side effect that I'm not able to see if 
there are any packets that would be blocked which shouldn't, because of 
not evaluating the whole ruleset (about 500 rules).

E.g.: multiple bidirectional NAT rules not doing what I expect them 
to do. Then I can fix the ruleset without affecting the live 
environment. But therefore I need to process the whole ruleset, to not 
get unhandy surprises with some rules when going live.


On 15.06.2017 at 21:18, Mike Tancsa wrote:
> On 6/15/2017 2:21 PM, Malte Graebner wrote:
>> Hello folks,
>> is there an option, to only log all stuff going on via "log" command and
>> without taking any action to traffic flow itself ?
> Perhaps
>
> pass quick log <make it specific or general as you want>
>
> ... quick matches and then no longer evals the rules.
>
> 	---Mike
>
>


