On Tue, Jan 18, 2005 at 09:56:03AM -0600, Rick Barter wrote:

> Why would I not see the dropped packets in my log file (pflog0).

in this case i think you would. i looked back at the original pf.conf you posted that the other fellow replied to and the 'block all' didn't have the "$log_flg" in it (cute idea, btw)... is it possible that you weren't seeing them before, but added the $log_flg to this pf.conf after the problem? e.g. - with 'block $log_flg all', are you seeing any currently happening filtering problems show up in the log, or currently experiencing filtering problems which are not showing in the log? if problems w/o log evidence, there has to be another matching rule (likely before one of your quicks) which doesn't log.

as long as pf is enabled, 'block $log_flg all' will apply to every interface that pf has jurisdiction over ( which is what... all of them? :P ). as long as that is the first filter rule, you ensure that unless you have later matching rules which act upon a packet (either pass or block), each packet pf can see will both be logged and blocked.

> Should I be setting pflog0 as my loginterface instead of fxp0?

nope, 'loginterface' is for the interface pf collects operational statistics on ( e.g. pfctl -si ). i believe the interface name and number, pflog0, are hardcoded. then pflogd(8) listens to pflog0 and redirects that down into /var/log/pflog ( by default ).

-- 
[ openbsd 3.6 GENERIC ( dec 11 ) // i386 ]
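As an added illustration of the point made in the reply above (not the poster's own pf.conf, which is not on this page), here is a minimal ruleset in the OpenBSD 3.6-era syntax showing the weak form (a default block that does not log) next to the corrected form, plus a later non-logging rule of the kind that would explain "blocked but nothing in pflog". The interface name fxp0 and the $log_flg macro are taken from the thread; the addresses and ports are constructed for the example.

```conf
# --- added example, not from the original thread ---
ext_if  = "fxp0"
log_flg = "log"          # set to "" to silence the default block (as in the weak form)

# statistics interface for 'pfctl -si' (counters only; unrelated to where logs go)
set loginterface $ext_if

# WEAK FORM (what the original ruleset reportedly had): packets are dropped
# but never written to pflog0, so they cannot show up in /var/log/pflog.
#   block all

# CORRECTED FORM: first rule blocks *and* logs on every interface pf sees.
# Anything not matched by a later rule is both dropped and logged.
block $log_flg all

# Later rules override the default. 'quick' stops evaluation at the match,
# so these packets are passed (and never reach the logging block).
pass in  quick on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state
pass out quick on $ext_if proto { tcp, udp, icmp } from ($ext_if) to any keep state

# A later matching rule WITHOUT 'log' is the usual reason drops are invisible:
# it wins over the first rule (last match wins without 'quick') and does not log.
# Add $log_flg here too if these drops should be auditable.
block in on $ext_if proto tcp from 192.0.2.0/24 to ($ext_if) port 25
```

To confirm what is actually loaded and whether drops reach the log, `pfctl -sr` prints the active rules in evaluation order, `tcpdump -n -e -ttt -i pflog0` watches the log interface live, and `tcpdump -n -e -ttt -r /var/log/pflog` reads what pflogd(8) has already written. If `pfctl -sr` shows a matching `block` rule without `log` after the default, that rule, not the absence of `loginterface pflog0`, is why the packet never appeared.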
