On Sun, May 14, 2006 at 09:39:28PM +1000, Darren Reed wrote: > I believe this does what you want: > pass in log on foo0 proto tcp all flags S keep state
That does what I want, thank you! I notice that ipfstat reports a high number in "log failures:". If I read NetBSD 3.0 correctly, ipl keeps up to 8 packets logged at once, and ipmon just isn't keeping up. I was hoping to use this for multiple things, most importantly a log of every NAT'ed TCP connection and UDP packet. It would also be nice to use it for accounting (ie: How many bytes did such-and-such machine transfer, and at what times, and to which other machines?) So I want to keep holes to an absolute minimum. Can you offer advice? I am not sure whether to increase the size of the log buffer, to use tcpdump instead, or to do something else altogether. Thank you for your time, Ben
