Quote:
Originally Posted by J65nko
Add some log modifiers to your pf ruleset. Then you can use tcpdump -eni pflog0 to verify which rule matched a packet.
|
I can do that, but for example if I do a tcpdump -eni pflog0 not reason match" then I don't get any results. There are a lot of other reasons in the PF manual such as bad-offset, fragment, short, normalize, memory, etc., and I'd like to be able to trigger those and see them in the logs, or in the pf info stats.