Hi All,
I've got a firewall with several dozen pf queues on, and all has
been working fine for the past few years, however I've managed to somehow
at some point end up with a bunch of traffic ending up in the 'default
queue'. My intention is that every packet should end up in a defined
queue (as we use this for accounting etc). Anyone think of any ways
I can work out what packets are ending up in the default queue? As
the default queue is where packets which don't match a rule end up, I
can't add a log statement or anything. I've tried putting in:

    # Default outputs -- these should probably go at some point
    pass out log on $ext_if proto tcp all keep state flags S/SA queue d3
    pass out log on $ext_if inet all flags S/SA keep state queue d3
    pass out log on $ext_if proto { gre, egp } all keep state queue d3

before any of my real queues to hopefully get everything that doesn't
match into the queue d3 and then I can view what is going on with
tcpdump and pflog, but I still seem to be missing something.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd. Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
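
An added example, not part of the original post: in pf, a packet passed by a rule that carries no queue keyword is also assigned to the default queue, so one way to narrow the search is to list every pass rule that lacks a queue assignment, together with its direction. The Python below does that over pf.conf-style text; the sample ruleset (apart from the three "queue d3" rules quoted in the post) and the function names are constructed for illustration.

```python
import re

# Constructed sample, not the poster's real pf.conf. Only the three
# "queue d3" rules come from the post; everything else is made up.
SAMPLE_RULES = r'''# constructed sample ruleset
altq on $ext_if cbq bandwidth 10Mb queue { d3, dns, std }
queue d3 bandwidth 20% cbq(default)
queue dns bandwidth 10%
queue std bandwidth 70%
block in log all
pass out log on $ext_if proto tcp all keep state flags S/SA queue d3
pass out log on $ext_if inet all flags S/SA keep state queue d3
pass out log on $ext_if proto { gre, egp } all keep state queue d3
pass in on $ext_if proto tcp to port 22 keep state label "no-queue-yet"
pass out on $ext_if proto udp to port 53 keep state queue(dns, std)
pass in quick on $int_if \
    all keep state   # trailing comment
'''

def logical_lines(text):
    """Yield (first_line_no, rule) with comments removed and '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None

def passes_without_queue(text):
    """Return [(line_no, direction, rule)] for pass rules that assign no queue."""
    hits = []
    for no, rule in logical_lines(text):
        words = rule.split()
        if words[0] != "pass":
            continue  # block rules and altq/queue definitions
        unquoted = re.sub(r'"[^"]*"', '""', rule)  # a label may contain "queue"
        if re.search(r"\bqueue\b", unquoted):
            continue
        direction = words[1] if len(words) > 1 and words[1] in ("in", "out") else "any"
        hits.append((no, direction, rule))
    return hits

if __name__ == "__main__":
    for no, direction, rule in passes_without_queue(SAMPLE_RULES):
        print(f"line {no} ({direction}): {rule}")
```

On a live firewall the same function can be fed the text printed by `pfctl -sr`, which lists the loaded filter rules with macros already expanded.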