pf rules
Doug Hardie
bc979 at lafn.org
Fri Jan 22 10:34:41 UTC 2010
On 22 January 2010, at 01:45, Erik Norgaard wrote:
> To debug pf rules:
>
> - always add direction to the rule, pass or block, add interface to all
> rules except default policy, keep state on all pass rules
> - group your rules per direction, then per interface
> - add log to all rules and watch pflog to see which rule blocks or
> passes traffic.
> - use keyword quick for any decisive rule
> - check the parsing of your ruleset, pfctl -sr
>
> then come back and ask for help.
Where do you find the rule information in the pflog output from tcpdump?
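Added example, not part of either post: with `log` on the rules, `tcpdump -n -e -ttt -i pflog0` prints the matching rule number right after the word `rule` on each line, and that number corresponds to the `@N` prefix shown by `pfctl -vvsr`. The sketch below tallies constructed sample lines per rule so the busiest block or pass rule stands out; the function names, addresses and interface names are assumptions.

```shell
#!/bin/sh
# Added example. The sample lines are constructed, in the format printed by:
#   tcpdump -n -e -ttt -i pflog0
# Field layout after the timestamp:
#   rule <N>/<subrule>(match): <action> <dir> on <iface>: <packet summary>

sample_pflog() {
cat <<'EOF'
 00:00:00.000000 rule 0/0(match): block in on em0: 203.0.113.7.40112 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
 00:00:01.204113 rule 4/0(match): pass in on em0: 198.51.100.20.51544 > 192.0.2.10.22: Flags [S], seq 2, win 65535, length 0
 00:00:00.310002 rule 0/0(match): block in on em0: 203.0.113.7.40113 > 192.0.2.10.445: Flags [S], seq 3, win 1024, length 0
 00:00:02.000451 rule 7/0(match): pass out on em1: 10.0.0.5.50010 > 198.51.100.53.53: 4242+ A? example.org. (29)
 00:00:00.120900 rule 0/0(match): block in on em0: 203.0.113.9.6000 > 192.0.2.10.3389: Flags [S], seq 4, win 1024, length 0
EOF
}

# Read tcpdump -e text from pflog on stdin and print one line per
# (rule, action, direction, interface): "<count> <rule> <action> <dir> <iface>",
# highest count first. Lines without a parsable rule header are skipped.
pflog_rule_summary() {
    awk '
    {
        # Locate the literal "rule" token; the timestamp width varies with -t flags.
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i + 5 > NF) next

        n = $(i + 1)
        sub(/[^0-9].*$/, "", n)        # "4/0(match):" -> "4"
        if (n == "") next

        ifc = $(i + 5)
        sub(/:$/, "", ifc)             # "em0:" -> "em0"

        count[n " " $(i + 2) " " $(i + 3) " " ifc]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2n
}

# Stand-alone run on the constructed sample.
# On a live system: tcpdump -n -e -ttt -i pflog0 | pflog_rule_summary
sample_pflog | pflog_rule_summary
```

Compare the rule column with the output of `pfctl -vvsr` to see which line of the loaded ruleset made each decision.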