On 2011/12/06 16:05, Steven Chamberlain wrote:
> On 06/12/11 15:45, Sebastien Maerker, Continum wrote:
> > We have already tested the "block log all" and "tcpdump -nnei pflog0" with
> > activated PF on the primary, but we saw nothing/nothing was logged.
>
> Hi,
>
> Do you really mean that *nothing* was being logged at all? With 'block
> log all' at the start of your ruleset, I'd expect pretty much
> *everything* to be logged (because the 'log' flag also applies to
> packets that are later matched by a pass rule).

not with 'block log all'; however a 'match log' or 'match log (matches)' near the top of the ruleset would be expected to log all newly created states
