From owner-freebsd-pf@FreeBSD.ORG  Mon Jul 12 01:49:30 2010
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C0502106566C
	for <freebsd-pf@freebsd.org>; Mon, 12 Jul 2010 01:49:30 +0000 (UTC)
	(envelope-from bc979@lafn.org)
Received: from zoom.lafn.org (zoom.lafn.ORG [206.117.18.8])
	by mx1.freebsd.org (Postfix) with ESMTP id 9B1C38FC0A
	for <freebsd-pf@freebsd.org>; Mon, 12 Jul 2010 01:49:30 +0000 (UTC)
Received: from [10.0.1.4] (pool-71-109-144-133.lsanca.dsl-w.verizon.net
	[71.109.144.133]) (authenticated bits=0)
	by zoom.lafn.org (8.14.3/8.14.2) with ESMTP id o6C1mxIw049821
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO);
	Sun, 11 Jul 2010 18:49:00 -0700 (PDT) (envelope-from bc979@lafn.org)
References: <71E83E87-9849-4963-8260-4473DC931CA2@lafn.org>
	<EA284544-F36C-41F0-A233-14F529D6837A@elvandar.org>
In-Reply-To: <EA284544-F36C-41F0-A233-14F529D6837A@elvandar.org>
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
Message-Id: <746C7B18-9A4C-4B79-8396-9161660EEF61@lafn.org>
Content-Transfer-Encoding: quoted-printable
From: Doug Hardie <bc979@lafn.org>
Date: Sun, 11 Jul 2010 18:48:59 -0700
To: Remko Lodder <remko@elvandar.org>
X-Mailer: Apple Mail (2.1081)
X-Virus-Scanned: clamav-milter 0.95.3 at zoom.lafn.org
X-Virus-Status: Clean
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2010 01:49:30 -0000


On 11 July 2010, at 02:17, Remko Lodder wrote:

>=20
> On Jul 11, 2010, at 7:34 AM, Doug Hardie wrote:
>=20
>> I have not been able to find any real information on the contents of =
the logs.  My logs show a number of interesting entries that I just =
can't find any information to explain.  For example:
>>=20
>> loose state match
>>=20
>> BAD ICMP 11:0
>>=20
>> state reuse
>>=20
>> State failure on:   2 3   |   6
>>=20
>> State failure on: 1       | 5 =20
>>=20
>> BAD state
>>=20
>> How do you interpret these?  Is there anything written on the log =
contents?
>=20
>=20
> How do you get these messages? I have never seen them on my machines =
at all, so you must have been setting pfctl -x debug or something?

I believe I used pfctl -x m although it might have been u.=