Date: Sat, 15 Nov 2014 06:31:46 +1100 (EST) From: Dave Horsfall <dave@horsfall.org> To: FreeBSD PF List <freebsd-pf@freebsd.org> Subject: /etc/periodic/security/520.pfdenied Message-ID: <alpine.BSF.2.11.1411150616580.773@aneurin.horsfall.org>
next in thread | raw e-mail | index | archive | help
Not quite sure if this belongs here or elsewhere; it is PF-related, after all, so please refer me somewhere else if necessary. What is the actual intent of this script? It seems to be showing every rule that *could* have triggered, regardless of whether it *did* trigger. I'm happy to submit a patch if necessary, but I'll need to know what the script is supposed to be doing. (Yes, it's a basic firewall, but it's protected by a more vicious one upstream; PF merely fine-tunes what gets through to the exposed server.) ----- aneurin.horsfall.org pf denied packets: +++ /tmp/security.8uFzJ1HL 2014-11-15 03:09:11.000000000 +1100 +block drop all [ Evaluations: 27332 Packets: 10696 Bytes: 471264 States: 0 ] +block drop in log quick on fxp0 from <spammers> to any [ Evaluations: 22598 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick on fxp0 from <woodpeckers> to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick on ! fxp0 inet from 10.0.0.0/8 to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick inet from 10.0.0.3 to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick from no-route to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in quick on fxp0 inet from any to 255.255.255.255 [ Evaluations: 22583 Packets: 7 Bytes: 2296 States: 0 ] +block drop in log quick inet from any to 0.0.0.0 [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick inet from 224.0.0.0/4 to any [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick inet from 255.255.255.255 to any [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ] +block drop in quick on fxp0 inet from any to 224.0.0.1 [ Evaluations: 22576 Packets: 11246 Bytes: 489992 States: 0 ] ----- Thanks. -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.11.1411150616580.773>