Module Name: src
Committed By: christos
Date: Sat Jan 7 18:48:47 UTC 2017
Modified Files:
src/usr.sbin/npf/npfd: npfd.8
Log Message:
add example.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/usr.sbin/npf/npfd/npfd.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfd/npfd.8
diff -u src/usr.sbin/npf/npfd/npfd.8:1.1 src/usr.sbin/npf/npfd/npfd.8:1.2
--- src/usr.sbin/npf/npfd/npfd.8:1.1 Sat Jan 7 11:48:03 2017
+++ src/usr.sbin/npf/npfd/npfd.8 Sat Jan 7 13:48:47 2017
@@ -1,4 +1,4 @@
-.\" $NetBSD: npfd.8,v 1.1 2017/01/07 16:48:03 christos Exp $
+.\" $NetBSD: npfd.8,v 1.2 2017/01/07 18:48:47 christos Exp $
.\" $OpenBSD: pflogd.8,v 1.35 2007/05/31 19:19:47 jmc Exp $
.\"
.\" Copyright (c) 2001 Can Erkin Acar. All rights reserved.
@@ -225,7 +225,27 @@ The direction was outbound.
Display the logs in real time of inbound packets that were blocked on
the wi0 interface:
.Bd -literal -offset indent
-# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
+# tcpdump -n -e -ttt -i npflog0 inbound and action block and on wi0
+.Ed
+.Pp
+Each
+.Xr npf 4
+rule is marked with an id number, shown using:
+.Bd -literal -offset indent
+# npfctl show
+...
+ block final all apply "log" # id="45"
+...
+.Ed
+.Pp
+This id is the rule id shown by tcpdump:
+.Bd -literal -offset indent
+# tcpdump -enr /var/log/npflog0.pcap
+...
+11:26:02.288199 rule 45.rules.0/0(match): block in on sk0: \e
+1.2.3.4.46063 > 5.6.7.8.23231: Flags [S], seq 1, win 8192, \e
+options [mss 1440], length 0
+...
.Ed
.Sh SEE ALSO
.Xr pcap 3 ,
@@ -233,6 +253,7 @@ the wi0 interface:
.Xr npf.conf 5 ,
.Xr newsyslog 8 ,
.Xr npf 7 ,
+.Xr npfctl 8 ,
.Xr tcpdump 8
.Sh HISTORY
The
