On Fri, 24 Feb 2006, Jon Hart wrote:

> scrub all no-df random-id fragment reassemble
>
> Any ideas why this is not logged, or is this operator error?

I don't think it's very well known, but you can set 'log' on the scrub rule. That will show you more info if scrub kicks in:

10:01:06.100845 rule 0/(fragment) scrub in on sis0: 193.0.0.195 > 82.217.x.x: (frag 61843:[EMAIL PROTECTED]) (DF) (ttl 61, len 630)
10:01:06.100972 rule 0/(fragment) scrub in on sis0: 193.0.0.195.53 > 82.217.x.x.29785: 58221*-[|domain] (frag 61843:[EMAIL PROTECTED]) (DF) (ttl 61, len 1500)
10:01:06.106046 rule 0/(fragment) scrub in on sis0: 193.0.0.195 > 82.217.x.x: (frag 61844:[EMAIL PROTECTED]) (DF) (ttl 61, len 642)
10:01:06.106200 rule 0/(fragment) scrub in on sis0: 193.0.0.195.53 > 82.217.x.x.29785: 34991*-[|domain] (frag 61844:[EMAIL PROTECTED]) (DF) (ttl 61, len 1500)

(but it looks like tcpdump cannot filter on "action scrub" yet)

-- 
Cam
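Since the reply notes that tcpdump itself cannot yet filter pflog0 output on "action scrub", a small post-filter over the text that `tcpdump -n -e -ttt -i pflog0` prints does the job. The following is an added example, not code from the thread or from the pf project: it parses pflog lines of the shape shown above into records, keeps only the scrub events, and groups the logged fragments by (source, destination, IP id) so you can see how much of each datagram scrub actually handled. The sample lines are constructed for this example (modelled on the ones in the message, but with made-up hosts, fragment length/offset fields, and extra block/pass lines); the field names and the `split_host_port` helper are this example's own choices, not pf or tcpdump terminology.

```python
"""Post-filter tcpdump's text output from pflog0 for scrub (fragment) events."""
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` style output. Modelled on
# the lines in the message above; hosts, fragment length@offset fields and the
# block/pass lines are made up for this example.
SAMPLE_PFLOG = """\
10:01:06.100845 rule 0/(fragment) scrub in on sis0: 193.0.0.195 > 82.217.1.2: (frag 61843:610@1480) (DF) (ttl 61, len 630)
10:01:06.100972 rule 0/(fragment) scrub in on sis0: 193.0.0.195.53 > 82.217.1.2.29785: 58221*-[|domain] (frag 61843:1480@0+) (DF) (ttl 61, len 1500)
10:01:06.106046 rule 0/(fragment) scrub in on sis0: 193.0.0.195 > 82.217.1.2: (frag 61844:622@1480) (DF) (ttl 61, len 642)
10:01:06.106200 rule 0/(fragment) scrub in on sis0: 193.0.0.195.53 > 82.217.1.2.29785: 34991*-[|domain] (frag 61844:1480@0+) (DF) (ttl 61, len 1500)
10:01:06.200000 rule 3/(match) block in on sis0: 10.9.8.7.4444 > 82.217.1.2.22: S 1:1(0) win 512
10:01:06.300000 rule 5/(match) pass out on sis0: 82.217.1.2.40000 > 193.0.0.195.53: 1234+ A? example.org. (29)
"""

# "<ts> rule <n>/(<reason>) <action> <in|out> on <iface>: <src> > <dst>: <rest>"
PFLOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+rule\s+(?P<rule>\d+)/\((?P<reason>[^)]*)\)\s+"
    r"(?P<action>\w+)\s+(?P<dir>in|out)\s+on\s+(?P<iface>\w+):\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):\s*(?P<rest>.*)$"
)
# tcpdump's fragment annotation: (frag <id>:<len>@<offset>[+])  ('+' = more fragments)
FRAG_RE = re.compile(r"\(frag (?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)(?P<more>\+?)\)")


def split_host_port(field):
    """'1.2.3.4.53' -> ('1.2.3.4', 53); a bare '1.2.3.4' -> ('1.2.3.4', None)."""
    parts = field.split(".")
    if len(parts) == 5:
        port = int(parts[-1]) if parts[-1].isdigit() else parts[-1]
        return ".".join(parts[:4]), port
    return field, None


def parse_pflog_line(line):
    """Turn one pflog text line into a dict, or None if it is not a pflog line."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["src"], rec["sport"] = split_host_port(rec["src"])
    rec["dst"], rec["dport"] = split_host_port(rec["dst"])
    f = FRAG_RE.search(rec["rest"])
    rec["frag"] = None
    if f:
        rec["frag"] = {"id": int(f["id"]), "len": int(f["len"]),
                       "off": int(f["off"]), "more": f["more"] == "+"}
    return rec


def parse_pflog(text):
    return [r for r in (parse_pflog_line(l) for l in text.splitlines()) if r]


def scrub_events(records):
    """The filter tcpdump cannot apply itself: keep only action == scrub."""
    return [r for r in records if r["action"] == "scrub"]


def fragment_summary(records):
    """Group scrubbed fragments by (src, dst, IP id): fragment count, payload
    bytes seen, and whether the first (offset 0) and last (no '+') pieces were logged."""
    groups = defaultdict(lambda: {"fragments": 0, "bytes": 0,
                                  "first_seen": False, "last_seen": False})
    for r in scrub_events(records):
        fr = r["frag"]
        if fr is None:
            continue
        g = groups[(r["src"], r["dst"], fr["id"])]
        g["fragments"] += 1
        g["bytes"] += fr["len"]
        if fr["off"] == 0:
            g["first_seen"] = True
        if not fr["more"]:
            g["last_seen"] = True
    return dict(groups)


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_PFLOG)
    print(f"{len(scrub_events(recs))} of {len(recs)} logged packets hit scrub")
    for key, g in fragment_summary(recs).items():
        print(key, g)
```

Feed it the output of tcpdump on pflog0 (for example `tcpdump -n -e -ttt -i pflog0 | python3 thisfile.py` with `parse_pflog(sys.stdin.read())` in place of the sample); the grouping makes it obvious when scrub logged only part of a datagram, which is what you want to know when checking whether `fragment reassemble` is really doing its job.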
