On Tue, 2003-01-14 at 04:28, Daniel Hartmeier wrote:
> On Tue, Jan 14, 2003 at 10:20:19AM +0100, Dries Schellekens wrote:
>
> > > Jan 13 17:50:02 cortez pf: Jan 13 17:40:43.230184 rule -1/3(short):
> > > block in on rl1: 66.92.xxx.xxx > 238.7.6.6: igmp nreport 238.7.6.6 [ttl
> > > 1]
> >
> > These igmp packets have ip options. By default PF blocks ip options. You
> > can disable this behaviour by adding "allow-opts".
>
> Yes, when the logging reason is not '(match)' (but, like in the quoted
> example '(short)'), the rule number doesn't necessarily refer to a block
> rule (or may be completely irrelevant).
>
> If you just don't want these packets to get logged, you can run pflogd
> with the following filtering expression:
>
>   pflogd reason match

Thank you both, great explanations.

A bit OT, but, if I add the pflogd expression to rc.conf, will a HUP to init also restart pflogd with this option, or am I forced to reboot for this to take effect?

-J.