Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Mar 2009 10:00:10 -0700
From:      "Michael K. Smith - Adhost" <mksmith@adhost.com>
To:        "Eric Magutu" <emagutu@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: first firewall with pf
Message-ID:  <17838240D9A5544AAA5FF95F8D52031605B4283F@ad-exh01.adhost.lan>
In-Reply-To: <op.ura05ywcflcvyi@da1-desktop-x64>
References:  <53529.216.241.167.212.1237911183.squirrel@webmail.pknet.net> <op.ura05ywcflcvyi@da1-desktop-x64>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

--PGP_Universal_F284CC36_61468F6F_D8B4E21C_1CD3A046
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: QUOTED-PRINTABLE

I also forgot to mention:

You should probably log your block rule so that you can see what's going on=
 if things don't work as expected.

So:

block in log on $ext_if

Note the lack of "quick" as well, as previously mentioned.

With logging enabled, provided you have pflog running (which you should), y=
ou can use the following to see what's being blocked.

tcpdump -n -e -ttt -i pflog0  (provided pflog0 is your pflog interface).

Regards,

Mike

--PGP_Universal_F284CC36_61468F6F_D8B4E21C_1CD3A046
Content-Type: application/pgp-signature;
	name="PGP.sig"
Content-Transfer-Encoding: 7BIT
Content-Disposition: attachment;
	filename="PGP.sig"

-----BEGIN PGP SIGNATURE-----
Version: 9.9.1 (Build 287)

iQEVAwUBSckRmvTXQhZ+XcVAAQjMswf/TkULvyN7JV6NEqwDo+WxuZo/4DRlv1G3
ZrcH08lnQPBOxaq4HFoPX9hCi0gdeLj4X7w+ziyXwpYId4Ue0aEqRQVWzLv7nUSf
qoeSz/sjVzsWfDx+BXGSlq5/Y4B/nGlBTqscBYFqfDJcr6P9SkHsLg63CTNLE86H
G71XBtab6Wq85F16zM7PXyxVd1zYqS6MYOmz/EkkpLZ0DqrghcSK6VAmNosgPFzf
BqcMyO2q3sz4hJZ53QSFOCgOyZ2h/Bsa3sf7QGqs7LazmR1Cg/rxRfHitl7wnrzA
pJiOjNy2nku61qveNBWR9mJYNhblO2epQiqVGqSYDtKozQfDY4Vklw==
=svCE
-----END PGP SIGNATURE-----

--PGP_Universal_F284CC36_61468F6F_D8B4E21C_1CD3A046--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?17838240D9A5544AAA5FF95F8D52031605B4283F>