Hi, I've been having a problem logging port 22 traffic. Here is some of my pf.conf file. Let me know what you think. Thanks.

######################
# Packet Filtering
######################

# Rules for internal interfaces
######################
# pass on unfiltered interfaces
pass quick on $unfiltered

# silently drop TCP non-SYN packets, the remaining ruleset only deals with
# TCP SYNs, which always create state when passed. the ruleset basically
# deals with 'connections', not packets, beyond this point.
block return-rst quick inet proto tcp all flags /S
block return-rst quick inet proto tcp all flags A/A

# block everything by default
block
block return-rst  inet proto tcp
block return-icmp inet proto udp

# Rules for external interface
######################
# silently drop broadcasts
block in quick on $ext_if inet from any to { 255.255.255.255 }

# block incoming packets from reserved address space and invalid
# addresses, they are either spoofed or misconfigured, we can't reply to
# them anyway (hence, no return-rst).
block in quick on $ext_if inet from <unroutable> to any

# block outgoing packets that don't have my address as source, they are
# either spoofed or something is misconfigured (NAT disabled, for instance),
# we want to be nice and not send out garbage.
block out quick on $ext_if inet from !$ext_if to any

# ICMP
# internal hosts can send icmp queries and accept echo replies to external hosts
pass out on $ext_if inet proto icmp from $ext_if to any \
        icmp-type $icmp_types $icmp_options

# UDP
pass out on $ext_if inet proto udp from any to any \
        $udp_options
pass in  on $ext_if inet proto udp from any to $ext_if \
        port $udp_services $udp_options

# TCP
pass in log on $ext_if inet proto tcp from any to $ext_if \
        port 22 $tcp_options
pass out on $ext_if inet proto tcp from $ext_if to any \
        $tcp_options
pass in  on $ext_if inet proto tcp from any to $ext_if \
        port $tcp_services $tcp_options
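An added example, not part of the original post, showing the ordering point that commonly causes exactly this symptom: pf evaluates rules top to bottom and the last matching rule wins unless a rule is marked "quick", so a later unlogged "pass in" that also matches port 22 silently overrides the logged one. The macro values ($ext_if, $tcp_services, $tcp_options) are assumptions standing in for whatever the real pf.conf defines.

```pf
# Assumed macro values (not from the original post); adjust to taste.
ext_if = "em0"
tcp_services = "{ 22, 80, 443 }"   # note: 22 also appears here
tcp_options = "flags S/SA keep state"

# Without "quick", this logged rule is NOT the final word: the generic
# $tcp_services rule below matches the same SYN later in the ruleset,
# wins, and passes it without logging, so nothing for port 22 reaches
# pflog0. Marking the logged rule "quick" stops evaluation here.
pass in log quick on $ext_if inet proto tcp from any to $ext_if \
        port 22 $tcp_options

# Generic services rule, now only reached for ports other than 22.
pass in on $ext_if inet proto tcp from any to $ext_if \
        port $tcp_services $tcp_options

# Checks after loading (pfctl -nf /etc/pf.conf to syntax-check first):
#   pfctl -vsr         -> per-rule "Evaluations/Packets" counters show
#                         which pass rule is actually matching
#   tcpdump -n -e -ttt -i pflog0 port 22
#                      -> logged SSH SYNs should now appear on pflog0
```

The same effect can be had without "quick" by removing 22 from $tcp_services, or by placing the logged rule after the generic one so it is the last match; with "keep state" only the state-creating SYN is logged, not every packet of the connection.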