Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 11 Jul 2010 23:20:42 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        "Remko Lodder" <remko@elvandar.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Interpreting Logs
Message-ID:  <E495806E-A05C-4F13-BE42-131A1F0D788B@lafn.org>
In-Reply-To: <46af4cb6a759a1c232b9dd63997334aa.squirrel@www.jr-hosting.nl>
References:  <71E83E87-9849-4963-8260-4473DC931CA2@lafn.org> <EA284544-F36C-41F0-A233-14F529D6837A@elvandar.org> <746C7B18-9A4C-4B79-8396-9161660EEF61@lafn.org> <46af4cb6a759a1c232b9dd63997334aa.squirrel@www.jr-hosting.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
I am trying to understand what pf is trying to tell me.  Its generating =
those messages for a reason.  The volume of them depends on how many =
rules have log in them and how often they are invoked. =20


On 11 July 2010, at 23:12, Remko Lodder wrote:

>=20
>=20
>>> I believe I used pfctl -x m although it might have been u.
>=20
>> =46rom the manual page it seems you did the 'm':
>=20
>       -x urgent     Generate debug messages only for serious errors.
>             -x misc       Generate debug messages for various errors.
>=20
> That generates messages for various types of problems normally not
> instantly seen. Are you using that flag to detect traffic that is =
giving
> you problems of any kind?
>=20
> If you are not using that, I'd suggest that you turn it off. The =
internet
> is a noisy place, and I am pretty sure that if I enable it the same =
way
> you do, I will get overloaded by logs as well.
>=20
> Applications are not always conformant to the RFC's, which might cause
> bogus packets, or information gets lost in transit, causing =
misbehaviour.
> I think the firewall is just telling you: Hey we have everything under
> control; we just refused a bogus packet, no worries !
>=20
> It'd be more worried if the output remains silent :)
>=20
> Thanks,
> Remko
>=20
> --=20
> /"\   Best regards,                      | remko@FreeBSD.org
> \ /   Remko Lodder                       | remko@EFnet
> X    http://www.evilcoder.org/          |
> / \   ASCII Ribbon Campaign              | Against HTML Mail and News
>=20
>=20

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E495806E-A05C-4F13-BE42-131A1F0D788B>