Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 15 Nov 2014 06:31:46 +1100 (EST)
From:      Dave Horsfall <dave@horsfall.org>
To:        FreeBSD PF List <freebsd-pf@freebsd.org>
Subject:   /etc/periodic/security/520.pfdenied
Message-ID:  <alpine.BSF.2.11.1411150616580.773@aneurin.horsfall.org>
next in thread | raw e-mail | index | archive | help 
Not quite sure if this belongs here or elsewhere; it is PF-related, after 
all, so please refer me somewhere else if necessary.

What is the actual intent of this script?  It seems to be showing every 
rule that *could* have triggered, regardless of whether it *did* trigger.

I'm happy to submit a patch if necessary, but I'll need to know what the 
script is supposed to be doing.

(Yes, it's a basic firewall, but it's protected by a more vicious one 
upstream; PF merely fine-tunes what gets through to the exposed server.)

-----

aneurin.horsfall.org pf denied packets:
+++ /tmp/security.8uFzJ1HL	2014-11-15 03:09:11.000000000 +1100
+block drop all [ Evaluations: 27332 Packets: 10696 Bytes: 471264 States: 0 ]
+block drop in log quick on fxp0 from <spammers> to any [ Evaluations: 22598 Packets: 0 Bytes: 0 States: 0 ]
+block drop in log quick on fxp0 from <woodpeckers> to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ]
+block drop in log quick on ! fxp0 inet from 10.0.0.0/8 to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ]
+block drop in log quick inet from 10.0.0.3 to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ]
+block drop in log quick from no-route to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick on fxp0 inet from any to 255.255.255.255 [ Evaluations: 22583 Packets: 7 Bytes: 2296 States: 0 ]
+block drop in log quick inet from any to 0.0.0.0 [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ]
+block drop in log quick inet from 224.0.0.0/4 to any [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ]
+block drop in log quick inet from 255.255.255.255 to any [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick on fxp0 inet from any to 224.0.0.1 [ Evaluations: 22576 Packets: 11246 Bytes: 489992 States: 0 ]

-----

Thanks.

-- 
Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.11.1411150616580.773>