From: "Remko Lodder"
To: "Doug Hardie"
Cc: freebsd-pf@freebsd.org
Date: Mon, 12 Jul 2010 08:12:46 +0200
Subject: Re: Interpreting Logs

>> I believe I used pfctl -x m although it might have been u.

From the manual page it seems you did the 'm':

    -x urgent   Generate debug messages only for serious errors.
    -x misc     Generate debug messages for various errors.

That generates messages for various types of problems normally not instantly seen. Are you using that flag to detect traffic that is giving you problems of any kind? If you are not using that, I'd suggest that you turn it off. The internet is a noisy place, and I am pretty sure that if I enable it the same way you do, I will get overloaded by logs as well.

Applications are not always conformant to the RFCs, which might cause bogus packets, or information gets lost in transit, causing misbehaviour. I think the firewall is just telling you: Hey, we have everything under control; we just refused a bogus packet, no worries!

I'd be more worried if the output remains silent :)

Thanks,
Remko

--
/"\   Best regards,                      | remko@FreeBSD.org
\ /   Remko Lodder                       | remko@EFnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News