Date: Tue, 6 Nov 2007 23:34:03 -0600
From: syle ishere <syleishere@hotmail.com>
To: Max Laier <max@love2party.net>, <freebsd-pf@freebsd.org>
Subject: RE: pflogd not logging certain rules
Message-ID: <BAY102-W208FD45EA9C3124F83F266CC8A0@phx.gbl>
In-Reply-To: <200711070422.48022.max@love2party.net>
References: <BAY102-W424CD18B3B5DA8713FEECFCC8A0@phx.gbl> <200711070422.48022.max@love2party.net>
You're right, I had a rule up top, when I was testing from home, it passed me in and ignored all other rules, which is exactly what I wanted. I tried from another IP on the internet and the rule did in fact log. Sorry for wasting time with this post.

This is excellent software, I've spent about 2 days now completely learning it. I've read all the man pages, and different examples on the internet.

Here are some of my suggestions to make it even better or maybe you can suggest ways to do it. 2 points I have are:

a) tcp.established definable on a per rule basis (why I say this is a lot of times you want to have a global value for the established timeout state, but there are times that you'd like to say, not timeout your ssh session from home for a week/month period)

b) program interaction with a ruleset (I believe this one is what will make any firewall rule all the other ones, a way to execute a program if a ruleset returns TRUE.) Typical example, firewall matches one of your rules, rule returns true, executes a program where we can evaluate some conditions, passing variables such as IP and PORT, program then executes pfctl to add that IP to the table or anything else.

Dan.
> From: max@love2party.net
> To: freebsd-pf@freebsd.org
> Subject: Re: pflogd not logging certain rules
> Date: Wed, 7 Nov 2007 04:22:41 +0100
> CC: syleishere@hotmail.com
>
> On Wednesday 07 November 2007, syle ishere wrote:
> > pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 }
> > flags S/SA keep state \(max-src-conn 5, max-src-conn-rate 5/60,
> > overload <bad> flush global)
> >
> > I use the "pass in LOG" here and it does not log at all.
> > I go connect to port 21 or 22 and watch logs and nothing.
> > My other logging rules do work for things like:
> > pass in log proto tcp from any to $ext_if port 25 keep state
> >
> > So i know the logging actually does work, but the first line does not,
> > any ideas?
>
> Are you sure the rule is even hit? Check with "pfctl -vvvsr" and look at
> the match/packets/bytes counters.
>
> --
> /"\ Best regards, | mlaier@freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mlaier@EFnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
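Added illustration of the check Max suggests (not code from either poster): a small POSIX shell function that scans the verbose rule listing and reports "log" rules whose Packets counter is zero, i.e. rules that pflogd can never have recorded because an earlier rule (such as the home-IP rule Dan mentions) took every packet first. The sample below is constructed; the "[ Evaluations: ... Packets: ... ]" line layout is assumed to match what pfctl -vvsr prints, and the addresses are documentation ranges.

```shell
#!/bin/sh
# Constructed sample of `pfctl -vvsr` output (layout assumed; counters invented).
# Rule @1 is the "log" rule that appears not to log: its Packets counter is 0,
# so no packet ever matched it, which is why pflogd shows nothing for it.
SAMPLE_PFCTL_OUTPUT='@0 pass in quick from 203.0.113.5 to any flags S/SA keep state
  [ Evaluations: 4021      Packets: 188       Bytes: 21904       States: 1     ]
@1 pass in log proto tcp from any to 198.51.100.10 port = 22 flags S/SA keep state
  [ Evaluations: 3833      Packets: 0         Bytes: 0           States: 0     ]
@2 pass in log proto tcp from any to 198.51.100.10 port = 25 keep state
  [ Evaluations: 3833      Packets: 52        Bytes: 6122        States: 3     ]'

# unhit_log_rules TEXT
# Prints the rule number (@N) of every rule that has the "log" keyword but
# whose Packets counter on the following statistics line is zero.
unhit_log_rules() {
    printf '%s\n' "$1" | awk '
        # A rule line starts with @N; remember its number and whether it logs.
        /^@[0-9]+ /  { rule = $1; logged = ($0 ~ / log /) }
        # The statistics line carries "Packets: <n>"; report logged-but-unhit rules.
        /Packets:/   { for (i = 1; i <= NF; i++) if ($i == "Packets:") pk = $(i+1) + 0
                       if (logged && pk == 0) print rule }'
}

# Stand-alone run over the constructed sample (prints "@1").
unhit_log_rules "$SAMPLE_PFCTL_OUTPUT"
# On a live system the same function can be fed real output:
#   unhit_log_rules "$(pfctl -vvsr)"
```

If a rule shows up here, the fix is in rule ordering (a "quick" rule or an earlier match is consuming the traffic), not in pflogd.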