On 06/12/11 15:45, Sebastien Maerker, Continum wrote:
> We have already tested the "block log all" and "tcpdump -nnei pflog0" with
> activated PF on the primary, but we saw nothing/nothing was logged.

Hi,

Do you really mean that *nothing* was being logged at all? With 'block log all' at the start of your ruleset, I'd expect pretty much *everything* to be logged (because the 'log' flag also applies to packets that are later matched by a pass rule).

Otherwise maybe you need to flush the state table with 'pfctl -F states' after starting tcpdump, before you see any new traffic logged. But be careful -- if you're controlling the server via ssh I imagine it would close the connection, so you'd better check first that your firewall ruleset accepts new connections to the ssh port.

Perhaps share with us the output of 'pfctl -vsr' to show the active ruleset and the 'pfctl -si' counters, after enabling PF on the machine.

Regards,
--
Steven Chamberlain
[email protected]
