For some reason I'm not seeing every blocked packet logged. I do see
some blocked packets logged like
May 18 15:11:42.219295 rule 0/(match) block in on rl0:
24.97.79.133.3547 > 24.97.84.33.135: [|tcp] (DF) [tos 0x40]
But when I do a 'telnet pf-host 45' (choose any port not allowed), I
don't see the connection being blocked in the log. The connection
does not succeed, but the packet is not logged. Below is the start of the
filter section output from pfctl -s all. If more information is
needed I can provide it.
FILTER RULES:
scrub in on carp0 all fragment reassemble
scrub out on carp0 all random-id fragment reassemble
block return in log all
block drop in on ! rl0 inet from 172.16.10.0/24 to any
block drop in inet from 172.16.10.1 to any
block drop in on ! rl1 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.45 to any
block drop in on ! rl2 inet from 172.16.30.0/24 to any
block drop in inet from 172.16.30.2 to any
block drop in on ! carp0 inet from 24.97.84.32/29 to any
block drop in inet from 24.97.84.33 to any
block drop in on ! carp1 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.1 to any
block return log quick inet proto tcp from <ssh-denied> to 192.168.1.6 port = ssh label "accessive-ssh"
To check logging I'm using
# tcpdump -n -e -ttt -i pflog0
# uname -a
OpenBSD sibyl.balius.com 3.9 GENERIC#617 i386
Any pointers to what I've got incorrect would be great.
Thank you,
Chad
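An added example, not part of Chad's post and not pf's own code: a small Python model of how pf chooses the rule that decides a packet's fate. Rules are evaluated top to bottom, the last matching rule wins unless a matching rule carries "quick", and a packet reaches pflog0 only if that winning rule has "log". The filter rules are transcribed from the post (scrub rules form a separate ruleset, so "block return in log all" is rule 0, which agrees with the "rule 0/(match)" in the logged line). The three packets and the contents of the <ssh-denied> table are constructed, and the assumption that a telnet run on the pf host itself towards its own address is seen by pf "in on lo0" is mine; it is there to show how one of the later, unlogged "block drop" rules can become the last match and drop a packet without producing a log entry.

```python
# Added example (not from the original post, not pf code): a toy model of
# pf rule evaluation. Rules are walked top to bottom; the LAST matching rule
# decides the action unless a matching rule says "quick", which ends the walk
# at once. The packet is logged only if the winning rule carries "log".
# Interface names and addresses come from the post; packets are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    action: str                    # "block" or "pass"
    direction: str                 # "in" or "out"
    iface: Optional[str] = None    # None means any interface
    neg_iface: bool = False        # True models "on ! <iface>"
    src: Optional[str] = None      # CIDR/host, or a table name such as "<ssh-denied>"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    log: bool = False
    quick: bool = False


@dataclass
class Packet:
    direction: str
    iface: str
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


# Constructed table contents: the real <ssh-denied> table is not in the post.
TABLES = {"<ssh-denied>": ["10.9.8.0/24"]}


def addr_in(addr: str, spec: Optional[str]) -> bool:
    """True if addr is covered by spec (None = any, <name> = table lookup)."""
    if spec is None:
        return True
    nets = TABLES[spec] if spec.startswith("<") else [spec]
    return any(ip_address(addr) in ip_network(n) for n in nets)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction:
        return False
    # "on rl0" needs the packet on rl0; "on ! rl0" needs it anywhere else.
    if rule.iface is not None and (pkt.iface == rule.iface) == rule.neg_iface:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return addr_in(pkt.src, rule.src) and addr_in(pkt.dst, rule.dst)


def evaluate(rules, pkt: Packet) -> Tuple[str, bool, Optional[int]]:
    """Return (action, logged, winning rule index) under last-match semantics."""
    winner = None
    for i, r in enumerate(rules):
        if matches(r, pkt):
            winner = (r.action, r.log, i)
            if r.quick:          # quick stops evaluation at this rule
                break
    return winner if winner else ("pass", False, None)   # pf default: pass


# Transcribed from the post's filter ruleset (rule numbers as pflog reports them).
RULES = [
    Rule("block", "in", log=True),                                          # 0
    Rule("block", "in", iface="rl0", neg_iface=True, src="172.16.10.0/24"),  # 1
    Rule("block", "in", src="172.16.10.1"),                                  # 2
    Rule("block", "in", iface="rl1", neg_iface=True, src="192.168.1.0/24"),  # 3
    Rule("block", "in", src="192.168.1.45"),                                 # 4
    Rule("block", "in", iface="rl2", neg_iface=True, src="172.16.30.0/24"),  # 5
    Rule("block", "in", src="172.16.30.2"),                                  # 6
    Rule("block", "in", iface="carp0", neg_iface=True, src="24.97.84.32/29"),# 7
    Rule("block", "in", src="24.97.84.33"),                                  # 8
    Rule("block", "in", iface="carp1", neg_iface=True, src="192.168.1.0/24"),# 9
    Rule("block", "in", src="192.168.1.1"),                                  # 10
    Rule("block", "in", proto="tcp", src="<ssh-denied>", dst="192.168.1.6",
         dport=22, log=True, quick=True),                                    # 11
]

# Constructed packets. The first mirrors the logged line in the post; the
# second assumes a telnet run on the pf host to its own carp address is seen
# "in on lo0"; the third hits the quick rule with a constructed table member.
PKT_WAN_135 = Packet("in", "rl0", "24.97.79.133", "24.97.84.33", dport=135)
PKT_LOCAL_45 = Packet("in", "lo0", "24.97.84.33", "24.97.84.33", dport=45)
PKT_SSH_DENIED = Packet("in", "rl1", "10.9.8.7", "192.168.1.6", dport=22)

if __name__ == "__main__":
    for name, pkt in [("wan->135", PKT_WAN_135), ("local->45", PKT_LOCAL_45),
                      ("denied->ssh", PKT_SSH_DENIED)]:
        action, logged, idx = evaluate(RULES, pkt)
        print(f"{name:12s} {action} by rule {idx}, logged={logged}")
```

In the model the port-135 packet is decided by rule 0 and logged, while the locally originated port-45 packet is matched by rule 0 and then by rules 7 and 8; rule 8 is the last match, it has no "log", so the packet is dropped without a pflog entry. Whether that is what happens on the real box depends on the rest of the ruleset that the post truncates, but it is the ordering effect to check first.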