Date:      Fri, 13 Nov 2009 15:04:42 +0100
From:      Stephane D'Alu <sdalu@sdalu.com>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        net@freebsd.org
Subject:   Re: pf & tcpdump
Message-ID:  <4AFD677A.8030000@sdalu.com>
In-Reply-To: <20091113235940.L58089@sola.nimnet.asn.au>
References:  <4AFD4632.5090207@sdalu.com> <20091113230319.R58089@sola.nimnet.asn.au> <4AFD5635.3080104@sdalu.com> <20091113235940.L58089@sola.nimnet.asn.au>

On 13/11/2009 14:27, Ian Smith wrote:
> On Fri, 13 Nov 2009, Stephane D'Alu wrote:
>   >  On 13/11/2009 13:08, Ian Smith wrote:
>   >  >   [...]
>   >  >  tcpdump sees packets before they're passed to the firewall coming in,
>   >  >  and after the firewall going out.  Lack of response to inbound packets
>   >  >  that the firewall is supposed to block is usually a good sign ..
>   >  >
>   >  >  Easiest way to see firewall rules are working is to add logging to them.
>   >  >
>   >
>   >  So if I understand correctly, there is no way in tcpdump to only select the
>   >  packets "going out after the firewall"
>

I wrongly interpreted the last part of your answer as "packets going out
of the firewall processing" instead of "packets going out of the interface".

So now I understand, adding logging to the firewall is the only option left.

Sincerely

-- 
Stephane


