You'd be better served attaching your entire pf.conf.
Phusion spewed:
> I have a question about logging certain packets. On my internal
> network I allow the following traffic outbound: tcp
> 21,22,25,53,80,110,443,5999 and udp 53,67,123. I was wondering how I
> can log all the blocked outbound traffic like to tcp and udp port
> 1214, 4662, and the rest. I'm having a problem because when I tried
> AOL Instant Messenger, it should have been blocked, logged and not
> been able to connect because it makes an outbound connection to tcp
> port 5190 which isn't allowed, but it still works. This is what I have
> right now in my config files.
>
> /etc/inetd.conf
> 127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -u proxy -m 55000 -M 57000 -t 180
>
> /etc/pf.conf
> tcp_ports = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"
>
> block in all
> block out log all
>
> # for FTP
> pass in on $ext_if inet proto tcp from any to $ext_if \
> port 55000 >< 57000 user proxy $tcpsrv_options $proto_options
>
> # for FTP
> pass out on $ext_if inet proto tcp from $ext_if to any \
> port > 1023 $tcpsrv_options $proto_options
>
> pass out on $ext_if inet proto tcp from $ext_if to any \
> port $tcp_ports $tcpsrv_options $proto_options
>
> Let me know how I can log the outbound traffic that is blocked. Thanks.
--
=== Asenchi ===============================================
-----------------------------------------------------------
- [WWW]: www.asenchi.com [EMAIL]: [EMAIL PROTECTED] -
- [PGP]: 1024D/65724DA8 [ICQ]: 56039913 [AIM]: asenchi -
- [IRC]: Asenchi | irc.freenode.net | #asenchi, #rweather -
-----------------------------------------------------------
============================= Follow the uncharted path ===
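An editor's added example, not part of the original post or the reply above: a pf.conf fragment in the same era's syntax that keeps the poster's outbound whitelist and logging block but narrows the ftp-proxy exception, which as posted passes every TCP destination port above 1023 for every process on the box. The macro values ($ext_if, the udp port list, and the expansions of $tcpsrv_options and $proto_options) are assumptions for illustration; the post does not show them.

```pf
# Assumed macros. The original post does not define $ext_if,
# $tcpsrv_options or $proto_options; these are placeholders, not the
# poster's real settings.
ext_if = "fxp0"
tcp_ports = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"
udp_ports = "{ 53, 67, 123 }"

# Default deny. "log" on the outbound block writes every blocked packet
# to pflog0. pf is last-match-wins, so any packet a later pass rule
# matches is neither blocked nor logged, whatever this rule says.
block in all
block out log all

# FTP via ftp-proxy: active-mode data connections from the server land
# on the proxy's -m/-M port range and on sockets owned by user "proxy".
pass in on $ext_if inet proto tcp from any to $ext_if \
    port 55000 >< 57000 user proxy keep state

# Passive-mode data connections that ftp-proxy itself opens to the
# server's high port. Without "user proxy", "port > 1023" passes every
# high destination port for every local process, so a client talking to
# tcp/5190 matches this rule and never reaches "block out log all".
# Tying the rule to the proxy's own sockets keeps the exception to what
# FTP actually needs.
pass out on $ext_if inet proto tcp from $ext_if to any \
    port > 1023 user proxy keep state

# The explicit outbound whitelist. Everything else outbound falls
# through to "block out log all" and shows up on pflog0.
pass out on $ext_if inet proto tcp from $ext_if to any \
    port $tcp_ports flags S/SA keep state
pass out on $ext_if inet proto udp from $ext_if to any \
    port $udp_ports keep state
```

After loading the ruleset (pfctl -f /etc/pf.conf), blocked outbound packets can be watched live with tcpdump -n -e -ttt -i pflog0, and pfctl -vsr prints per-rule packet counters, which is the quickest way to see which pass rule a connection such as tcp/5190 is actually matching.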