Trouble reading the nightly "security run output" report

Tim Hogan tim at
Wed Feb 2 08:21:05 PST 2005

OK, so every night the default install of FreeBSD generates a "security
run output" report for IPF denied packets.  Here is a sample report:

> 221143 @2 block out log quick on dc0 from any to any head 15
> 92733 @2 block in log quick on dc0 from any to any head 10
> 20 @8 block in log quick on dc0 from to any group 10

That's it.  I am looking at this and trying to figure out if it is useful
and just what are those numbers for?  I have IPF creating a log entry for
all of the dropped packets, but when I look at the logs I can't match
those numbers at all.  In fact, if I do a 'wc -l' on the log file I get a
count of 10,780 lines.  If I take into account the log entries that have a
consecutive count logged I come up with 11,422.  Not even close to the
numbers listed above.

So just what does this report mean and is there a better tool to run that
would give me a nightly report of total drops and perhaps the top ten
offenders and why?
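
An added example, not part of the original post: one way to produce the nightly totals and top ten offenders asked about above, from ipmon log lines, counting each "Nx" consecutive-count entry as N packets. The log layout, the sample lines and the helper name `summarize_blocks` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), assuming the usual ipmon
# syslog layout: time, optional "Nx" repeat count, interface, @group:rule,
# action (b = blocked, p = passed), source -> destination, "PR" protocol.
SAMPLE_LOG = """\
Feb  2 03:01:10 gw ipmon[214]: 03:01:09.512034 dc0 @10:8 b 192.0.2.44,4312 -> 198.51.100.7,445 PR tcp len 20 48 -S IN
Feb  2 03:01:12 gw ipmon[214]: 03:01:11.100233 3x dc0 @10:8 b 192.0.2.44,4313 -> 198.51.100.7,139 PR tcp len 20 48 -S IN
Feb  2 03:02:40 gw ipmon[214]: 03:02:39.902100 dc0 @10:2 b 203.0.113.9,53 -> 198.51.100.7,1029 PR udp len 20 76 IN
Feb  2 03:03:01 gw ipmon[214]: 03:03:00.000412 2x dc0 @15:2 b 198.51.100.7,1030 -> 203.0.113.80,6667 PR tcp len 20 60 -S OUT
Feb  2 03:03:05 gw ipmon[214]: 03:03:04.771000 dc0 @0:1 p 198.51.100.7,1031 -> 203.0.113.80,80 PR tcp len 20 60 -S K-S OUT
Feb  2 03:04:00 gw ipmon[214]: 03:04:00.120000 dc0 @10:2 b 192.0.2.200 -> 198.51.100.7 PR icmp len 20 84 icmp echo/0 IN
"""

LINE_RE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+"              # syslog tag, packet timestamp
    r"(?:(?P<count>\d+)x\s+)?"             # consecutive count, absent means 1
    r"(?P<ifname>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[^\s,]+)(?:,\S+)?\s+->\s+(?P<dst>[^\s,]+)(?:,\S+)?\s+"
    r"PR\s+(?P<proto>\S+)"
)


def summarize_blocks(log_text, top=10):
    """Blocked-packet totals, top sources and per-rule totals (hypothetical helper)."""
    lines = packets = unparsed = 0
    by_src, by_rule = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            unparsed += bool(line.strip())   # tally unknown lines, do not hide them
            continue
        if m["action"] != "b":
            continue                         # passed or other non-block entries
        n = int(m["count"] or 1)             # "3x" stands for three packets
        lines += 1
        packets += n
        by_src[m["src"]] += n
        by_rule[(m["ifname"], int(m["group"]), int(m["rule"]))] += n
    return {"lines": lines, "packets": packets, "unparsed": unparsed,
            "top_sources": by_src.most_common(top), "by_rule": dict(by_rule)}


if __name__ == "__main__":
    report = summarize_blocks(SAMPLE_LOG)
    print(f"{report['packets']} packets blocked in {report['lines']} log lines")
    for src, n in report["top_sources"]:
        print(f"{n:8d}  {src}")
    for (ifname, group, rule), n in sorted(report["by_rule"].items()):
        print(f"{n:8d}  {ifname} @{group}:{rule}")
```

The `lines` value is what `wc -l` would count for blocked entries, while `packets` applies the consecutive counts, so the two figures can be compared side by side.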


More information about the freebsd-questions mailing list