From owner-freebsd-pf@FreeBSD.ORG Wed Nov 14 19:27:13 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6096C16A46C for ; Wed, 14 Nov 2007 19:27:13 +0000 (UTC) (envelope-from fox@verio.net) Received: from dfw-smtpout2.email.verio.net (dfw-smtpout2.email.verio.net [129.250.36.42]) by mx1.freebsd.org (Postfix) with ESMTP id 336BA13C481 for ; Wed, 14 Nov 2007 19:27:13 +0000 (UTC) (envelope-from fox@verio.net) Received: from [129.250.36.64] (helo=dfw-mmp4.email.verio.net) by dfw-smtpout2.email.verio.net with esmtp id 1IsM7o-0006Qo-6I for freebsd-pf@freebsd.org; Wed, 14 Nov 2007 17:34:04 +0000 Received: from [129.250.40.241] (helo=limbo.int.dllstx01.us.it.verio.net) by dfw-mmp4.email.verio.net with esmtp id 1IsM7o-0006vc-2v for freebsd-pf@freebsd.org; Wed, 14 Nov 2007 17:34:04 +0000 Received: by limbo.int.dllstx01.us.it.verio.net (Postfix, from userid 1000) id 6CB458E296; Wed, 14 Nov 2007 11:34:00 -0600 (CST) Date: Wed, 14 Nov 2007 11:34:00 -0600 From: David DeSimone To: freebsd-pf@freebsd.org Message-ID: <20071114173359.GO6168@verio.net> Mail-Followup-To: freebsd-pf@freebsd.org References: <473B2006.8050000@casino.uni-stuttgart.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <473B2006.8050000@casino.uni-stuttgart.de> Precedence: bulk User-Agent: Mutt/1.5.9i Subject: Re: How to prevent FS overflow due to excessive logging? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2007 19:27:13 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tobias Ernst wrote: > > I do not want to disable UDP logging generally - after all I want to be > told when things like this happen. If you put "keep state" on your drop+log rule, PF will only log the first packet that gets dropped, which reduces logging considerably. However, you will not be alerted to the fact that millions of packets are being sent, in this scenario, so you would have to detect that via other means. - -- David DeSimone == Network Admin == fox@verio.net "This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, dis- tribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you." --Lawyer Bot 6000 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFHOzGHFSrKRjX5eCoRAlASAJ4sIqjHk1bZ01XuEL/BFS77kby5lwCcCouy 2KjtMZFaXm0OMr38Skxmk3w= =p2SR -----END PGP SIGNATURE-----