2009/11/20 Giancarlo Rubio <gianru...@gmail.com>

> post your entire pf.conf
>
> 2009/11/20 Enio Marconcini <eni...@gmail.com>
>
> > 2009/11/20 Amim <octopusillus...@gmail.com>
> >
> > > If you debug the rule, can you see whether any packet is really going
> > > out through it?
> > >
> > > I believe you have a pass without LOG before that rule and that your
> > > packets are going out through there.
> > >
> > > --
> > > Amim
> > >
> > > 2009/11/20 Enio Marconcini <eni...@gmail.com>
> > >
> > >> 2009/11/20 Giancarlo Rubio <gianru...@gmail.com>
> > >>
> > >> > Try adding at the end of your rules
> > >> > block log quick from any to any
> > >> >
> > >> > and change your initial rule from block log all to just block
> > >> >
> > >> > 2
> > >> >
> > >> > --
> > >> > Giancarlo Rubio
> > >> > -------------------------
> > >> > Archive: http://www.fug.com.br/historico/html/freebsd/
> > >> > Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
> > >>
> > >> I did it that way, still nothing
> > >>
> > >> it only shows this
> > >>
> > >> tcpdump: WARNING: pflog0: no IPv4 address assigned
> > >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > >> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
> > >> 000000 rule 12/0(match): pass out on re1: [|ip]
> > >> 000521 rule 44/0(match): block in on re1: [|ip]
> > >> 2. 201811 rule 44/0(match): block in on re1: [|ip]
> > >> 8. 363237 rule 44/0(match): block in on re1: [|ip]
> > >> 000108 rule 44/0(match): block in on re1: [|ip]
> > >> 000028 rule 44/0(match): block in on re1: [|ip]
> > >> 000006 rule 44/0(match): block in on re1: [|ip]
> > >> 30. 996715 rule 44/0(match): block in on re1: [|ip]
> > >> 000009 rule 44/0(match): block in on re1: [|ip]
> > >> 000021 rule 44/0(match): block in on re1: [|ip]
> > >> 000019 rule 44/0(match): block in on re1: [|ip]
> > >>
> > >> --
> > >> ENIO RODRIGO MARCONCINI
> > >> gtalk: eni...@gmail.com
> > >> skype: eniorm
> > >> msn: /dev/null
> > >>
> > >> > FreeBSD -:- OpenBSD -:-
> > >> > Cigarette Brand Collections
> > >> < Obi-Wan has taught you well....
> >
> > the traffic is there, but tcpdump apparently is displaying the data, not
> > incorrectly, but with information missing
> >
> > 2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]
> > 2009-11-20 13:46:19.567326 rule 0/0(match): block in on re1: [|ip]
> > 2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
> > 2009-11-20 13:46:29.101700 rule 31/0(match): pass in on re1: [|ip]
> > 2009-11-20 13:46:41.066787 rule 31/0(match): pass in on re1: [|ip]
> > 2009-11-20 13:46:50.565130 rule 0/0(match): block in on re1: [|ip]
> > 2009-11-20 13:46:50.565222 rule 0/0(match): block in on re1: [|ip]
> > 2009-11-20 13:46:50.565241 rule 0/0(match): block in on re1: [|ip]
> > 2009-11-20 13:46:50.565259 rule 0/0(match): block in on re1: [|ip]
> > 2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]
> > 2009-11-20 13:46:51.753013 rule 30/0(match): pass in on re1: [|ip]
> > 2009-11-20 13:46:51.753765 rule 30/0(match): pass in on re1: [|ip]
> > 2009-11-20 13:46:56.595686 rule 30/0(match): pass in on re1: [|ip]
> >
> > note that the block or pass records are there, as normal for my rules,
> > but the lines do not show from where and to where (IP and port)
> >
> > --
> > ENIO RODRIGO MARCONCINI
> > gtalk: eni...@gmail.com
> > skype: eniorm
> > msn: /dev/null
> >
> > > FreeBSD -:- OpenBSD -:-
> > > Cigarette Brand Collections
> > < Obi-Wan has taught you well....
>
> --
> Giancarlo Rubio

ahhh, the strangest thing I noticed today: a

tcpdump -ttt -n -e -r /var/log/pflog

shows the complete data:

2009-11-21 10:07:53.517997 rule 38/0(match): pass in on re1: 192.168.0.1.138 > 192.168.0.255.138: NBT UDP PACKET(138)
2009-11-21 10:07:53.518037 rule 37/0(match): pass in on re1: 192.168.0.3.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
2009-11-21 10:07:53.518172 rule 37/0(match): pass in on re1: 192.168.0.5.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
2009-11-21 10:08:15.398729 rule 38/0(match): pass in on re1: 192.168.0.41.138 > 192.168.0.255.138: NBT UDP PACKET(138)
2009-11-21 10:08:15.408985 rule 0/0(match): block in on re1: 192.168.0.3.631 > 255.255.255.255.631: UDP, length 165
2009-11-21 10:08:15.409070 rule 0/0(match): block in on re1: 192.168.0.3.631 > 192.168.0.255.631: UDP, length 161
2009-11-21 10:08:15.409088 rule 0/0(match): block in on re1: 192.168.0.3.631 > 192.168.0.255.631: UDP, length 161
2009-11-21 10:08:15.409107 rule 0/0(match): block in on re1: 192.168.0.3.631 > 192.168.0.255.631: UDP, length 165

--
ENIO RODRIGO MARCONCINI
gtalk: eni...@gmail.com
skype: eniorm
msn: /dev/null

> FreeBSD -:- OpenBSD -:-
> Cigarette Brand Collections
< Obi-Wan has taught you well....
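
Added example, not part of the original messages: a Python parser for tcpdump's pflog lines in both shapes shown in this thread, which tallies records per rule and counts how many were printed as "[|ip]", the marker tcpdump prints when a packet was cut short by the capture size. The sample lines are constructed from the output quoted above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the two shapes seen in the thread: live capture on
# pflog0 (payload cut to "[|ip]") and a read of /var/log/pflog (full decode).
SAMPLE = """\
tcpdump: WARNING: pflog0: no IPv4 address assigned
000000 rule 12/0(match): pass out on re1: [|ip]
000521 rule 44/0(match): block in on re1: [|ip]
000108 rule 44/0(match): block in on re1: [|ip]
2009-11-21 10:07:53.518037 rule 37/0(match): pass in on re1: 192.168.0.3.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
2009-11-21 10:08:15.408985 rule 0/0(match): block in on re1: 192.168.0.3.631 > 255.255.255.255.631: UDP, length 165
"""

# "rule <nr>/<reason>: <action> <dir> on <ifname>: <decoded packet>"
PFLOG = re.compile(r"rule (?P<rule>\S+?)/(?P<reason>\d+\([^)]*\)): "
                   r"(?P<action>\S+) (?P<dir>\S+) on (?P<ifname>[^:\s]+): (?P<rest>.*)$")
FLOW = re.compile(r"^(?P<src>\S+) > (?P<dst>[^\s:]+):")

def endpoint(text):
    """Split tcpdump -n IPv4 'a.b.c.d.port' into (host, port)."""
    host, _, port = text.rpartition(".")
    return (host, int(port)) if host.count(".") == 3 and port.isdigit() else (text, None)

def parse_line(line):
    """Return a dict for one pflog record, or None for non-record lines."""
    m = PFLOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    rec["truncated"] = rest.startswith("[|")  # tcpdump's truncation marker
    flow = FLOW.match(rest)
    rec["src"] = endpoint(flow["src"]) if flow else None
    rec["dst"] = endpoint(flow["dst"]) if flow else None
    return rec

def summarize(text):
    """Map (rule, action, dir, ifname) -> [records, truncated records]."""
    stats = defaultdict(lambda: [0, 0])
    for rec in filter(None, map(parse_line, text.splitlines())):
        key = (rec["rule"], rec["action"], rec["dir"], rec["ifname"])
        stats[key][0] += 1
        stats[key][1] += rec["truncated"]
    return dict(stats)

if __name__ == "__main__":
    for key, (total, cut) in sorted(summarize(SAMPLE).items()):
        print(*key, f"records={total} truncated={cut}")
```

A rule whose truncated count equals its record count carries no address or port information in that capture, which is the difference between the two outputs in this thread.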