Hi! I would like to log a SYN packet in the beginning of sessions and the FIN and/or RST packet at the end with the new match action.
cat pf.conf set skip on lo block in log pass out match in log flags S/S match in log flags F/F match in log flags R/R pass in proto tcp from any to (vic0) port 22 If i initiate a new ssh connection to the firewall the match condition seems ok. Jun 22 13:04:17.797771 rule 2/(match) match in on vic0: 192.168.229.1.3711 > 192.168.229.128.22: S 326636544:326636544(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) But if i terminate the ssh session i dont see any further logs. So my question is: Is it possible to use the match action for this scenario (or something else) or i totally misunderstood anything? Thx Godot PS: Sorry if my english is terrible
