Date: Thu, 19 Apr 2007 16:37:13 -0700
From: snowcrash <schneecrash+pf@gmail.com>
To: freebsd-pf@freebsd.org
Subject: displaying rule labels in pf logs
Message-ID: <70f41ba20704191637r3b615497ga13ebfa885db180c@mail.gmail.com>
hi,

i typically tail my pf-log with "tcpdump -vvttttnei pflog0".

this, of course, displays the matched "rule #", e.g.,

  2007-04-18 13:07:11.363065 rule 40/0(match): pass in on tun0: (tos 0x0, ttl 54, id 10, offset 0, flags [DF], proto: UDP (17), length: 70) 144.160.112.22.37572 > 192.168.1.53.53: 62723[|domain]

is there any way to instead/additionally display a rule's "label" in the live log?

there's a patch to do this here (http://lists.freebsd.org/pipermail/freebsd-pf/2006-June/002278.html), but, iiuc, that requires me to patch-&-rebuild both tcpdump & my kernel ...

is there an existing 'native' option to do so already 'in' pf+tcpdump?

thanks.
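Added example, not part of the original message and not code from pf or tcpdump: a user-space filter that joins the rule number in each pflog line with the labels found in a saved `pfctl -vvsr` listing, so neither tcpdump nor the kernel is patched. The function names, the file path, the label `dns-in` and the second and third log lines are constructed, and the `@N ... label "text"` listing format and the anchor sub-rule form `rule N.name.M/` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `pfctl -vvsr` prints each
# rule as: @N <rule text> ... label "text"
# Live use (as root); -l keeps tcpdump line-buffered in a pipe:
#   pfctl -vvsr > /tmp/pf.rules
#   tcpdump -l -vvttttnei pflog0 | annotate_pflog /tmp/pf.rules
# Rule numbers change when the ruleset is reloaded, so refresh the file then.

# annotate_pflog RULES_FILE: filter stdin, adding [label] after "rule N/S(reason)".
annotate_pflog() {
    awk -v rules="$1" '
    BEGIN {
        # Map rule number -> label from the saved pfctl listing.
        while ((getline line < rules) > 0) {
            if (line !~ /^@[0-9]+ /) continue
            num = line; sub(/^@/, "", num); sub(/ .*/, "", num)
            if (match(line, /label "[^"]*"/))
                label[num] = substr(line, RSTART + 7, RLENGTH - 8)
        }
        close(rules)
    }
    {
        # Main-ruleset hits look like "rule 40/0(match):". Anchor sub-rules
        # (assumed form "rule 40.name.2/...") are left alone: numbers are per-anchor.
        if (match($0, /rule [0-9]+\/[^ :]*/)) {
            s = RSTART; l = RLENGTH
            n = substr($0, s + 5, l - 5); sub(/\/.*/, "", n)
            if (n in label)
                $0 = substr($0, 1, s + l - 1) " [" label[n] "]" substr($0, s + l)
        }
        print
    }'
}

# demo: constructed rule listing (label "dns-in" is invented) and pflog lines.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
@39 block drop in log all
  [ Evaluations: 10  Packets: 2  Bytes: 120  States: 0 ]
@40 pass in log on tun0 inet proto udp from any to 192.168.1.53 port = domain keep state label "dns-in"
EOF
    annotate_pflog "$tmp" <<'EOF'
2007-04-18 13:07:11.363065 rule 40/0(match): pass in on tun0: 144.160.112.22.37572 > 192.168.1.53.53: 62723[|domain]
2007-04-18 13:07:12.000000 rule 39/0(match): block in on tun0: 10.0.0.1.1234 > 192.168.1.53.22: S
2007-04-18 13:07:13.000000 rule 40.sub.2/0(match): pass in on tun0: 10.0.0.2.5353 > 192.168.1.53.53: UDP
EOF
    rm -f "$tmp"
}
```

Lines for rules without a label, and for anchor sub-rules, pass through unchanged.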