David DeSimone wrote:
>> I do not want to disable UDP logging generally - after all I want to be
>> told when things like this happen.
> If you put "keep state" on your drop+log rule, PF will only log the
> first packet that gets dropped, which reduces logging considerably.

I thought about this, but

  block in log from any to any keep state

gives me

  pf.conf:266: keep state on block rules doesn't make sense

and the rule is skipped (6.2, maybe this has changed in 7?).

> However, you will not be alerted to the fact that millions of packets
> are being sent, in this scenario, so you would have to detect that via
> other means.

That's not a problem.

By the way, these turned out to be harmless multicast packets from a
remote software installation process that should have been silently
dropped, but I had the wrong netmask (/24 instead of /4) in my
"multicast silent drop" rule.

Regards
Tobias

--
Universität Stuttgart|Fakultät für Architektur und Stadtplanung|casinoIT
70174 Stuttgart Geschwister-Scholl-Straße 24D
T +49 (0)711 121-4228 F +49 (0)711 121-4276
E [EMAIL PROTECTED] I http://www.casino.uni-stuttgart.de
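
An added example, not part of the original message: a small check of how much of the IPv4 multicast range a "silent drop" rule with the wrong prefix leaves uncovered, so those packets fall through to the logging block rule. The two rule lines, the sample destinations and the function names are constructed for illustration; the poster's actual pf.conf is not shown in the thread.

```python
import ipaddress
import re

# All IPv4 multicast addresses live in 224.0.0.0/4.
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

# Constructed pf.conf lines (assumption: the poster's real rules are not shown).
WRONG_RULE = "block drop in quick inet from any to 224.0.0.0/24"
FIXED_RULE = "block drop in quick inet from any to 224.0.0.0/4"

def rule_destination(rule):
    """Extract the literal IPv4 destination network after 'to' in a rule line."""
    m = re.search(r"\bto\s+(\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)", rule)
    if m is None:
        raise ValueError(f"no literal IPv4 destination in rule: {rule!r}")
    return ipaddress.ip_network(m.group(1), strict=False)

def uncovered_multicast(rule):
    """Return the multicast ranges the rule does NOT match, as sorted networks."""
    dest = rule_destination(rule)
    if MULTICAST.subnet_of(dest):        # rule covers 224.0.0.0/4 or more
        return []
    if not dest.subnet_of(MULTICAST):    # rule does not touch multicast at all
        return [MULTICAST]
    return sorted(MULTICAST.address_exclude(dest))

def falls_through(rule, dst):
    """True if a multicast packet to dst misses the silent-drop rule and so
    reaches whatever comes later (here: the logging block rule)."""
    addr = ipaddress.ip_address(dst)
    return addr in MULTICAST and addr not in rule_destination(rule)

if __name__ == "__main__":
    # Constructed sample destinations: mDNS, NTP multicast, SSDP.
    samples = ["224.0.0.251", "224.0.1.1", "239.255.255.250"]
    for rule in (WRONG_RULE, FIXED_RULE):
        gaps = uncovered_multicast(rule)
        missed = sum(n.num_addresses for n in gaps)
        print(f"{rule}\n  uncovered multicast addresses: {missed}")
        for dst in samples:
            verdict = "logged" if falls_through(rule, dst) else "silently dropped"
            print(f"  {dst:<16} {verdict}")
```

With the /24 prefix only 224.0.0.0 through 224.0.0.255 is dropped silently; every other multicast destination reaches the logging rule.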
