Date:      Mon, 12 Jul 2010 08:12:46 +0200
From:      "Remko Lodder" <remko@elvandar.org>
To:        "Doug Hardie" <bc979@lafn.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Interpreting Logs
Message-ID:  <46af4cb6a759a1c232b9dd63997334aa.squirrel@www.jr-hosting.nl>
In-Reply-To: <746C7B18-9A4C-4B79-8396-9161660EEF61@lafn.org>
References:  <71E83E87-9849-4963-8260-4473DC931CA2@lafn.org> <EA284544-F36C-41F0-A233-14F529D6837A@elvandar.org> <746C7B18-9A4C-4B79-8396-9161660EEF61@lafn.org>


>> I believe I used pfctl -x m although it might have been u.

From the manual page it seems you did the 'm':

       -x urgent     Generate debug messages only for serious errors.
       -x misc       Generate debug messages for various errors.

That generates messages for various types of problems normally not
instantly seen. Are you using that flag to detect traffic that is giving
you problems of any kind?

If you are not using that, I'd suggest that you turn it off. The internet
is a noisy place, and I am pretty sure that if I enable it the same way
you do, I will get overloaded by logs as well.

Applications are not always conformant to the RFCs, which might cause
bogus packets, or information gets lost in transit, causing misbehaviour.
I think the firewall is just telling you: Hey, we have everything under
control; we just refused a bogus packet, no worries!

I'd be more worried if the output remains silent :)

Thanks,
Remko

-- 
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News



