On Wed, Jul 20, 2011 at 8:49 AM, fqui nonez <[email protected]> wrote:
> 2011/7/20 Wesley MOUEDINE ASSABY <[email protected]>:
>> Also,
>> you can see a sample on http://mouedine.net/ruleset49.aspx
>>
>> Wesley.
>>
>> On Wed, 20 Jul 2011 14:27:27 +0400, Wesley MOUEDINE ASSABY
>> <[email protected]> wrote:
>>> Hi,
>>>
>>> Try this:
>>> block log return
>>>
>>> Cheers,
>>>
>>> Wesley.
>>>
>>> On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez <[email protected]>
>>> wrote:
>>>> Hello
>>>>
>>>> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all
>>>> blocked packets, and send them to /var/log/pfblocklog to be read with
>>>> tcpdump. What and where should be the rule?
>>>>
>>>>
>>>> Thanks for your attention.
>
> Hello
>
> I changed it to:
>
> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
> #
>
> set skip on lo
>
> ### Agregadas por mi: (added by me)
> block log
>
> pass out quick on rl0
>
> antispoof quick for rl0
>
> pass in log on rl0 proto tcp from any to port 22
> pass in log on rl0 proto tcp from any to port 21
> pass in log on rl0 proto tcp from any to port 80

replace all three by:
pass in log on rl0 proto tcp to port { 21 22 80 }

>
> ### Fin. (end)
>
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021

You already pass these packets before. Redundant rules make pfctl
output hard to read, so change it to:
match in proto tcp to port ftp rdr-to localhost port 8021

>
> Thanks so much, both. How does it look?
