Re: Logging (lack of), driving me nuts

2006-05-26 Thread Travis H.
On 5/21/06, Magne J. Andreassen [EMAIL PROTECTED] wrote: set skip on { lo sis0 } Well I'll be... somehow I didn't try that. -- Curiosity killed the cat, but for a while I was a suspect -- Steven Wright Security Guru for Hire http://www.lightconsulting.com/~travis/ -- GPG fingerprint: 9D3F

Re: Logging (lack of), driving me nuts

2006-05-21 Thread Magne J. Andreassen
Travis H. wrote: set skip on interface Skip all PF processing on interface. This can be useful on loopback interfaces where filtering, normalization, queueing, etc, are not required. This option can be used multiple times. By default this option is not set. I tried various ways of

Re: Logging (lack of), driving me nuts

2006-05-19 Thread Chad M Stewart
Shawn K. Quinn wrote: On Thu, 2006-05-18 at 18:32 -0400, Chad M Stewart wrote: For kicks I commented out 'antispoof' and reloaded the rule set. Ah ha, now things are being logged and another issue resolved itself as well. Try adding log to the antispoof directive. This works just like

Re: Logging (lack of), driving me nuts

2006-05-19 Thread Travis H.
On 5/18/06, Daniel Hartmeier [EMAIL PROTECTED] wrote: set skip on lo0 set skip on $pfsync_if # might not want this These two lines don't add up, the second one replaces the first, so lo0 is not really skipped. Use a single set skip line, listing all interfaces to be skipped at once. Ah,

Re: Logging (lack of), driving me nuts

2006-05-19 Thread Ryan McBride
On Fri, May 19, 2006 at 12:42:57AM +0200, Daniel Hartmeier wrote: Does this mean 'antispoof for carp0' is generally (always?) a mistake? Yes. If you've got the same subnet on your physical interface, you can safely do antispoof there however. As Chad showed, packets are seen by tcpdump on

Re: Logging (lack of), driving me nuts

2006-05-19 Thread Travis H.
On 5/19/06, Travis H. [EMAIL PROTECTED] wrote: On 5/18/06, Daniel Hartmeier [EMAIL PROTECTED] wrote: set skip on lo0 set skip on $pfsync_if # might not want this These two lines don't add up, the second one replaces the first, so lo0 is not really skipped. Use a single set skip line,

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Daniel Hartmeier
On Thu, May 18, 2006 at 04:10:22PM -0400, Chad M Stewart wrote: For some reason I'm not seeing every blocked packet logged. Why do you expect every blocked packet to get logged? Not all your block rules use 'log'. Packets could easily get blocked by a rule without 'log', hence get blocked but

Logging (lack of), driving me nuts

2006-05-18 Thread Chad M Stewart
For some reason I'm not seeing every blocked packet logged. I do see some blocked packets logged like May 18 15:11:42.219295 rule 0/(match) block in on rl0: 24.97.79.133.3547 > 24.97.84.33.135: [|tcp] (DF) [tos 0x40] But when I do a 'telnet pf-host 45' (choose any port not allowed), I

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Chad M Stewart
On May 18, 2006, at 4:25 PM, Daniel Hartmeier wrote: On Thu, May 18, 2006 at 04:10:22PM -0400, Chad M Stewart wrote: For some reason I'm not seeing every blocked packet logged. Why do you expect every blocked packet to get logged? Not all your block rules use 'log'. Packets could easily

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Daniel Hartmeier
On Thu, May 18, 2006 at 04:38:44PM -0400, Chad M Stewart wrote: # cat /etc/pf.conf |grep -v ^# |grep block set block-policy return block in log all block log quick inet proto tcp from <ssh-denied> to $ssh_servers port ssh label accessive-ssh Ok, so all your block rules do have the 'log'

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Daniel Hartmeier
On Thu, May 18, 2006 at 05:24:28PM -0400, Chad M Stewart wrote: Status: Enabled for 0 days 02:05:34 Debug: Urgent The differences in the pfctl -si outputs look like it MUST be a block rule without 'log' matching those packets, after all. The grep in your /etc/pf.conf might have been

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Daniel Hartmeier
On Thu, May 18, 2006 at 04:38:44PM -0400, Chad M Stewart wrote: set skip on lo0 set skip on $pfsync_if # might not want this These two lines don't add up, the second one replaces the first, so lo0 is not really skipped. Use a single set skip line, listing all interfaces to be skipped at

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Chad M Stewart
On May 18, 2006, at 5:59 PM, Daniel Hartmeier wrote: On Thu, May 18, 2006 at 05:24:28PM -0400, Chad M Stewart wrote: Status: Enabled for 0 days 02:05:34 Debug: Urgent The differences in the pfctl -si outputs look like it MUST be a block rule without 'log' matching those packets,

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Daniel Hartmeier
On Thu, May 18, 2006 at 06:32:37PM -0400, Chad M Stewart wrote: Perhaps it is just my tired brain but it seems strange that in other rules carp0 is used as the incoming interface. Maybe Ryan can comment, from http://www.countersiege.com/doc/pfsync-carp/ When writing the rest of the pf

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Chad M Stewart
On May 18, 2006, at 6:20 PM, Daniel Hartmeier wrote: On Thu, May 18, 2006 at 04:38:44PM -0400, Chad M Stewart wrote: set skip on lo0 set skip on $pfsync_if # might not want this These two lines don't add up, the second one replaces the first, so lo0 is not really skipped. Use a single

Re: Logging (lack of), driving me nuts

2006-05-18 Thread Shawn K. Quinn
On Thu, 2006-05-18 at 18:32 -0400, Chad M Stewart wrote: For kicks I commented out 'antispoof' and reloaded the rule set. Ah ha, now things are being logged and another issue resolved itself as well. Try adding log to the antispoof directive. This works just like adding log to any other