Beers, James W. wrote:
I poked around some more and now my understanding is that the syntax for

The authoritative source for ipf syntax is tools/ipf_y.y
I used it a lot since the man page isn't up to date.

using log tags should be something like:
        pass in log level local.info first quick on fxp0 proto tcp from any to any group 2 tag 137

Try

pass in log level local0.info first quick on fxp0
  proto tcp from any to any group 2 set-tag(log=137);

for

Sep 27 18:24:08 dev ipmon[119]: [ID 702911 local0.info] 18:24:07.523711 fxp0 @0:3 p xxx.xxx.xxx.xxx,2020 -> xxxx.xxxx.xxxx.xxxx,1234 PR tcp len 20 48 -S IN log-tag 137


I have tinkered around with dropping various optional 'tags' in the
rule, like group or first or quick, but still can't nail the syntax.
The above rule complains of a syntax error at 137.  However, when I drop
the 137 and just have tag at the end of the line, ipf -F a -f
/etc/ipf.rules complains about an error on the next line after the tag.
So I think I'm close ...

BTW, is anyone using this functionality?
-jwb


