jared r r spiegel wrote:
yup. by seeing what was dropped.
i _always always always_ keep "block return log all" as the first real rule in my pf.conf. whether or not you want to return or drop is of course a matter of taste (i do drop some things later in a more specific rule), and whether or not you want to block all ifaces or not is a matter of taste too...
Okay. So I have the following (not the whole pf.conf file):
#=================================
# Macros
#=================================
log_flg = "log"

#=================================
# Options
#=================================
set block-policy drop
set loginterface $ext_if

#=================================
# Filter Rules
#=================================
block $log_flg all
pass $log_flg quick on lo0 all
antispoof $log_flg quick for $ext_if
antispoof $log_flg quick for $dmz_if
antispoof $log_flg quick for $int_if
block drop in $log_flg quick on $ext_if from $priv_nets to any
block drop out $log_flg quick on $ext_if from any to $priv_nets
Why would I not see the dropped packets in my log file (pflog0)? Should I be setting pflog0 as my loginterface instead of fxp0?
rvb
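An added example, not from the thread: a small shell helper that summarises which rules are logging blocked packets, per rule number and interface, from the text tcpdump prints when reading the pflog interface or the pflogd log file. The sample lines are constructed, and the field layout ("rule N/(match) block in on ifname:") is assumed to match tcpdump's pflog output on the system in question.

```shell
# Constructed sample of what "tcpdump -n -e -ttt -i pflog0" (or
# "tcpdump -n -e -ttt -r /var/log/pflog") prints for logged pf rules.
PFLOG_SAMPLE='00:00:00.000000 rule 0/(match) block in on fxp0: 192.0.2.10.51234 > 198.51.100.5.22: S 1:1(0) win 65535
00:00:00.000015 rule 2/(match) pass in on lo0: 127.0.0.1.1 > 127.0.0.1.2: udp 10
00:00:00.000022 rule 0/(match) block in on fxp0: 192.0.2.11.4444 > 198.51.100.5.80: S 2:2(0) win 512
00:00:00.000030 rule 5/(match) block in on fxp0: 10.0.0.1.1 > 198.51.100.5.25: S 3:3(0) win 512'

# Reads tcpdump pflog text on stdin; prints "rule <num> <iface> <count>"
# for every block entry, one line per (rule, interface), sorted.
# Only entries whose action is "block" are counted; "pass" lines are skipped.
pflog_block_summary() {
    awk '
    {
        # locate the "rule" keyword; the rule id follows it, then the action
        for (i = 1; i < NF; i++) if ($i == "rule") break
        if (i >= NF) next
        rule = $(i + 1); sub(/[^0-9].*/, "", rule)   # "0/(match)" -> "0"
        act = $(i + 2);  sub(/:$/, "", act)          # tolerate "(match):" variants
        if (act != "block") next
        # interface name is the token after "on", with its trailing colon removed
        for (j = i + 3; j < NF; j++) if ($j == "on") break
        if (j >= NF) next
        iface = $(j + 1); sub(/:$/, "", iface)
        cnt[rule " " iface]++
    }
    END { for (k in cnt) print "rule " k " " cnt[k] }' | sort
}

# Example run on the constructed sample:
printf '%s\n' "$PFLOG_SAMPLE" | pflog_block_summary
```

On a live box the same function can be fed from `tcpdump -n -e -ttt -i pflog0` or from the pflogd file; if it prints nothing while traffic is being dropped, the rules doing the dropping are not carrying the log keyword.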
