From owner-freebsd-pf@FreeBSD.ORG  Sun Jul 11 09:17:15 2010
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4DB7A106566B
	for <freebsd-pf@freebsd.org>; Sun, 11 Jul 2010 09:17:15 +0000 (UTC)
	(envelope-from remko@elvandar.org)
Received: from mailgate.jr-hosting.nl (unknown [IPv6:2a01:4f8:63:1281::3])
	by mx1.freebsd.org (Postfix) with ESMTP id DBDD28FC16
	for <freebsd-pf@freebsd.org>; Sun, 11 Jul 2010 09:17:14 +0000 (UTC)
Received: from websrv01.jr-hosting.nl (unknown [IPv6:2a01:4f8:63:1281::4])
	by mailgate.jr-hosting.nl (Postfix) with ESMTP id 31C9E1CC3E;
	Sun, 11 Jul 2010 11:17:14 +0200 (CEST)
Received: from a83-163-38-147.adsl.xs4all.nl ([83.163.38.147]
	helo=axantucar.elvandar.int)
	by websrv01.jr-hosting.nl with esmtpsa (TLSv1:AES128-SHA:128)
	(Exim 4.72 (FreeBSD)) (envelope-from <remko@elvandar.org>)
	id 1OXsew-000L7q-4e; Sun, 11 Jul 2010 11:17:14 +0200
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: Remko Lodder <remko@elvandar.org>
In-Reply-To: <71E83E87-9849-4963-8260-4473DC931CA2@lafn.org>
Date: Sun, 11 Jul 2010 11:17:13 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <EA284544-F36C-41F0-A233-14F529D6837A@elvandar.org>
References: <71E83E87-9849-4963-8260-4473DC931CA2@lafn.org>
To: Doug Hardie <bc979@lafn.org>
X-Mailer: Apple Mail (2.1081)
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Jul 2010 09:17:15 -0000


On Jul 11, 2010, at 7:34 AM, Doug Hardie wrote:

> I have not been able to find any real information on the contents of =
the logs.  My logs show a number of interesting entries that I just =
can't find any information to explain.  For example:
>=20
> loose state match
>=20
> BAD ICMP 11:0
>=20
> state reuse
>=20
> State failure on:   2 3   |   6
>=20
> State failure on: 1       | 5 =20
>=20
> BAD state
>=20
> How do you interpret these?  Is there anything written on the log =
contents?


How do you get these messages? I have never seen them on my machines at =
all, so you must have been setting pfctl -x debug or something?

Thanks,
Remko

--=20
/"\   Best regards,                        | remko@FreeBSD.org
\ /   Remko Lodder                      | remko@EFnet
X    http://www.evilcoder.org/    |
/ \   ASCII Ribbon Campaign    | Against HTML Mail and News