Quote:
By the way, how will you check specific packets dropped by PF? Do a tcpdump on pflog?
Absolutely.

# tcpdump -neti pflog0
or
# tcpdump -netr /var/log/pflog
are typical. You are only logging your blocked packets, so you will not see passed packets establish state tables. I log both, so I can use action block or action pass as desired. The rule numbers in the output will match the numbers from
# pfctl -vs rules
output.
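
A per-rule tally of the tcpdump output described above, as an added example that is not part of the original post. The function names and sample lines are constructed, and the two line layouts handled (`rule N/0(match):` and `rule N/(match)`) are assumptions about what the local tcpdump build prints.

```shell
#!/bin/sh
# Added example: count logged packets per PF rule number and action, so the
# noisiest rules can be looked up in the pfctl rule listing the post mentions.

# Reads tcpdump text (for example from: tcpdump -netr /var/log/pflog) on stdin.
# Prints "rule action count", highest count first.
summarize_pflog() {
    awk '
    {
        rule = ""; action = ""
        for (i = 1; i < NF; i++) {
            if ($i == "rule") {
                rule = $(i + 1)
                sub(/\/.*/, "", rule)   # "4/0(match):" or "4/(match)" -> "4"
                action = $(i + 2)       # word after the rule field
                break
            }
        }
        # Ignore anything that is not a recognisable pflog line.
        if (rule ~ /^[0-9]+$/ && (action == "block" || action == "pass"))
            count[rule " " action]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort -k3,3nr -k1,1n
}

# Constructed sample input (documentation address ranges), both assumed layouts.
sample_pflog() {
    cat <<'EOF'
rule 4/0(match): block in on em0: 203.0.113.7.51234 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
rule 4/0(match): block in on em0: 203.0.113.7.51235 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
rule 7/0(match): pass in on em0: 198.51.100.5.40000 > 192.0.2.10.443: Flags [S], seq 9, win 65535, length 0
rule 4/(match) block in on em0: 203.0.113.9.4000 > 192.0.2.10.3389: S 5:5(0) win 512
rule 2/(match) block out on em0: 192.0.2.10.68 > 255.255.255.255.67: udp 300
EOF
}

sample_pflog | summarize_pflog
```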