Date:      Tue, 6 Nov 2007 23:34:03 -0600
From:      syle ishere <syleishere@hotmail.com>
To:        Max Laier <max@love2party.net>, <freebsd-pf@freebsd.org>
Subject:   RE: pflogd not logging certain rules
Message-ID:  <BAY102-W208FD45EA9C3124F83F266CC8A0@phx.gbl>
In-Reply-To: <200711070422.48022.max@love2party.net>
References:  <BAY102-W424CD18B3B5DA8713FEECFCC8A0@phx.gbl> <200711070422.48022.max@love2party.net>


You're right, I had a rule up top, when I was testing from home, it passed me in and ignored all other rules
which is exactly what I wanted. I tried from another IP on the internet and the rule did in fact log.
Sorry for wasting time with this post.

This is excellent software, I've spent about 2 days now completely learning it. I've read all the man pages,
and different examples on the internet.

Here are some of my suggestions to make it even better or maybe you can suggest ways to do it:
2 points I have are:
a) tcp.established definable on a per rule basis (why I say this is a lot of times you want to have a global value for the established timeout state, but there are times that you'd like to say, not timeout your ssh session from home for a week/month period)
b) program interaction with a ruleset (I believe this one is what will make any firewall rule all the other ones, a way to execute a program if a ruleset returns TRUE.) Typical example, firewall matches one of your rules, rule returns true, executes a program where we can evaluate some conditions, passing variables such as IP and PORT, program then executes pfctl to add that IP to the table or anything else.


Dan.

> From: max@love2party.net
> To: freebsd-pf@freebsd.org
> Subject: Re: pflogd not logging certain rules
> Date: Wed, 7 Nov 2007 04:22:41 +0100
> CC: syleishere@hotmail.com
>
> On Wednesday 07 November 2007, syle ishere wrote:
> > pass in log proto { tcp, udp } from any to $ext_if port { 21, 22 } flags S/SA keep state \
> > (max-src-conn 5, max-src-conn-rate 5/60, overload <bad> flush global)
> >
> > I use the "pass in LOG" here and it does not log at all.
> > I go connect to port 21 or 22 and watch logs and nothing.
> > My other logging rules do work for things like:
> > pass in log proto tcp from any to $ext_if port 25 keep state
> >
> > So i know the logging actually does work, but the first line does not,
> > any ideas?
>
> Are you sure the rule is even hit? Check with "pfctl -vvvsr" and look at
> the match/packets/bytes counters.
>
> --
> /"\ Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                         | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/ | mlaier@EFnet
> / \  ASCII Ribbon Campaign             | Against HTML Mail and News
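An added example, not part of this thread or of pf itself: a small POSIX shell filter in the spirit of suggestion (b), reading the pflog text that tcpdump prints for a rule like the quoted one and emitting the pfctl command that would add an over-active source to the <bad> table. The tcpdump line layout, the interface name and the sample addresses are constructed assumptions, and the function only prints the command so it can be reviewed before anyone runs it.

```shell
#!/bin/sh
# Reads pflog text as printed by "tcpdump -n -e -ttt -i pflog0" (line layout is
# an assumption) and reports sources matched by a "pass in" rule at least
# THRESHOLD times, as ready-to-review "pfctl -t bad -T add" commands.
# It only prints the commands; nothing here modifies the firewall.

# Constructed sample (not real traffic): 203.0.113.5 opens six connections to
# ports 21/22 in one window, 198.51.100.7 opens one, a blocked probe is ignored.
SAMPLE_LOG='Nov 07 04:22:41.000001 rule 3/0(match): pass in on em0: 203.0.113.5.50001 > 192.0.2.1.22: S 1:1(0) win 65535
Nov 07 04:22:41.200001 rule 3/0(match): pass in on em0: 203.0.113.5.50002 > 192.0.2.1.22: S 1:1(0) win 65535
Nov 07 04:22:41.400001 rule 3/0(match): pass in on em0: 203.0.113.5.50003 > 192.0.2.1.22: S 1:1(0) win 65535
Nov 07 04:22:41.600001 rule 3/0(match): pass in on em0: 203.0.113.5.50004 > 192.0.2.1.21: S 1:1(0) win 65535
Nov 07 04:22:41.800001 rule 3/0(match): pass in on em0: 203.0.113.5.50005 > 192.0.2.1.22: S 1:1(0) win 65535
Nov 07 04:22:42.000001 rule 3/0(match): pass in on em0: 203.0.113.5.50006 > 192.0.2.1.22: S 1:1(0) win 65535
Nov 07 04:22:42.100001 rule 3/0(match): pass in on em0: 198.51.100.7.40001 > 192.0.2.1.22: S 1:1(0) win 65535
Nov 07 04:22:42.200001 rule 1/0(match): block in on em0: 203.0.113.9.4444 > 192.0.2.1.25: S 1:1(0) win 65535'

# overload_candidates THRESHOLD < pflog-text
overload_candidates() {
    awk -v thr="$1" '
        # Only "pass in" matches count; the quoted rule logs inbound 21/22 only.
        /\(match\): pass in / {
            # The source is the field just before ">" (SRC.PORT); drop the port.
            src = ""
            for (i = 2; i <= NF; i++) if ($i == ">") { src = $(i - 1); break }
            sub(/\.[0-9]+$/, "", src)
            if (src != "") seen[src]++
        }
        END {
            for (s in seen)
                if (seen[s] >= thr) print "pfctl -t bad -T add " s
        }
    ' | sort
}

# Stand-alone run: a threshold of 5 mirrors max-src-conn 5 in the quoted rule.
printf '%s\n' "$SAMPLE_LOG" | overload_candidates 5
```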