Keeping your /var/log/pflog file clean and manageable
When you use pf with a default policy of block log all, you will quickly find /var/log/pflog being filled with, for example, DHCP traffic and NetBIOS broadcasts.
To keep this file clean and manageable, you can use a simple technique. To understand this method you have to keep in mind the two characteristics of pf that are mentioned in pf.conf(5):
By inserting a block quick without log, before the default block log all policy, we block the unwanted traffic. Any other traffic will be blocked but also logged. Some practical examples of applying this technique:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 4th February 2014 at 10:56 PM.
|
|||
Question
Would the second example still work if the order of the rules is reversed?
Code:

    # block but don't log some log polluters
    block log all
    block quick inet proto udp from any to port {netbios-ns, netbios-dgm }
    block quick inet proto udp from any to port { bootps,bootpc }
|
|||
Quote:
It evaluates from top to bottom but still uses the rule that matches exactly unless the block quick is used, which says stop evaluating if it matches.
|
|||
You get an award of 10 stars
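The rule-order question in this thread can be checked with a small model of the two evaluation rules from pf.conf(5): the last matching rule decides, and quick makes the matching rule the last one. This is an added example, not code from the thread or from pf; `Rule`, `evaluate` and `logged` are hypothetical names, matching is reduced to protocol and destination port, and the packets are constructed samples.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not pf's own data structure
    action: str                  # "block" or "pass"
    log: bool = False
    quick: bool = False
    proto: str = ""              # "" matches any protocol
    ports: frozenset = frozenset()   # empty set matches any destination port

    def matches(self, proto, dport):
        return self.proto in ("", proto) and (not self.ports or dport in self.ports)

def evaluate(rules, proto, dport):
    """Return (action, logged) taken from the last matching rule."""
    last = None
    for rule in rules:
        if rule.matches(proto, dport):
            last = rule
            if rule.quick:       # quick makes this the last matching rule
                break
    # pf passes a packet that matches no rule at all
    return (last.action, last.log) if last else ("pass", False)

def logged(rules, packets):
    """Packets that would end up in pflog under this model."""
    return [p for p in packets if evaluate(rules, *p)[1]]

# netbios-ns/netbios-dgm are 137/138, bootps/bootpc are 67/68
NETBIOS = Rule("block", quick=True, proto="udp", ports=frozenset({137, 138}))
DHCP = Rule("block", quick=True, proto="udp", ports=frozenset({67, 68}))
DEFAULT = Rule("block", log=True)            # block log all

QUICK_FIRST = [NETBIOS, DHCP, DEFAULT]       # block quick before the default policy
QUICK_LAST = [DEFAULT, NETBIOS, DHCP]        # order asked about in the thread
# Same rules with "quick" removed: position relative to the default now matters.
PLAIN_FIRST = [replace(NETBIOS, quick=False), replace(DHCP, quick=False), DEFAULT]
PLAIN_LAST = [DEFAULT, replace(NETBIOS, quick=False), replace(DHCP, quick=False)]

# Constructed sample packets: (protocol, destination port)
PACKETS = [("udp", 137), ("udp", 68), ("tcp", 22)]

if __name__ == "__main__":
    for name in ("QUICK_FIRST", "QUICK_LAST", "PLAIN_FIRST", "PLAIN_LAST"):
        print(name, logged(globals()[name], PACKETS))
```

With quick, both orders log only the SSH packet; without quick, placing the noise rules before `block log all` lets the default rule win and the noise is logged again.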
Tags: packet filter, pf firewall, pf.conf, pflog