"Brad Tilley" <[email protected]> writes: > network gear was installed that messed-up the layer 2 bridging and > introduced a loop and STP stopped working. From that came a huge > broadcast storm. pf logs filled up a 4GB /var in 3 minutes. I've never > seen that many packets in that short amount of time. I still log pf > blocks and 99% of the time, it's OK.
Heh. Loops can be fun (fsvo) for sure. I also tend to put a "block log" at the top of rule sets, if only to peek at occasionally to see how much crazy stuff gets aimed at you. But then the OP's problem of /var filling up quickly fit my hazy memories of one time I put in way to much log (all) in a config. The difference in space consumption between log and log (all) is rather significant. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
