Netgate Discussion Forum

    Command line.

    General pfSense Questions
    • sam_son

      Is it possible to view blocked traffic via the command line? pfTop is available but I cannot see a way of viewing the blocked traffic.

      I just thought this may be useful for generating blacklists etc. whilst also being interested as to who the offending IPs are.

      Any ideas?

      Regards

      Sam

      • dotdash

        Something like:
        pfctl -s rules -v | more
        might be helpful. Complete options should be here: http://www.freebsd.org/cgi/man.cgi?query=pfctl&manpath=FreeBSD+7.0-RELEASE
        It might be easier to log the rule you are interested in and use the GUI or syslogs.

        • jimp Rebel Alliance Developer Netgate

          You can "tail" the filter log on the command line, which should show blocked packets, like so:

          clog -f /var/log/filter.log
          

          Be aware that this will first print the entire contents of the log and then follow it, much like tail -f.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • sam_son

            Many thanks for the reply jimp,

            It works, but do you know a way of just viewing the IP addresses? The file moves pretty quickly and it would be nice to have a list of offending IP addresses to take appropriate action against.

            Any ideas?

            Thanks everybody for the help so far.

            • mhab12

              Did you take a look at Status/System Logs/Firewall? This file is also available 'in the raw' somewhere, I'm not sure of the path though… perhaps someone can enlighten us. Sounds like you might also be interested in the Snort package.

              • jimp Rebel Alliance Developer Netgate

                The filter log is the raw log, there is no parsed copy that is kept anywhere.

                You'd have to pass the log through some kind of filtering/parsing program to show only the IP addresses. Not sure if there is anything out there that will do it, but someone might be able to work up some perl or sed/awk mojo to get it done.

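A sketch of the "sed/awk mojo" suggested in the post above, as an added example (not code from this thread or from the pfSense dashboard package): an awk filter that tallies source IPv4 addresses on block lines. The tcpdump-style line layout and the sample lines are constructed assumptions; the filter log layout differs between pfSense versions, so check a few real lines first.

```shell
#!/bin/sh
# Added example: count source IPv4 addresses on blocked-packet log lines.
# ASSUMPTION: tcpdump-style lines of the form
#   "... block in on IF: (...) SRC[.port] > DST[.port]: ..."
# Adjust the field logic if your filter log uses another layout.

blocked_sources() {
    awk '
    / block / {
        for (i = 2; i <= NF; i++) {
            if ($i != ">") continue
            n = split($(i - 1), p, ".")          # a.b.c.d or a.b.c.d.port
            if (n == 4 || n == 5) {
                ip = p[1] "." p[2] "." p[3] "." p[4]
                if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
            }
            break                                # first ">" marks the flow
        }
    }
    END { for (ip in hits) print hits[ip], ip }  # "count address"
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
    cat <<'EOF'
Mar  6 10:15:01 pf: 000000 rule 53/0(match): block in on em0: (tos 0x0, ttl 52, id 4411, offset 0, flags [DF], proto TCP (6), length 60) 203.0.113.7.51234 > 198.51.100.2.22: S 1:1(0) win 5840
Mar  6 10:15:02 pf: 000000 rule 12/0(match): pass in on em0: (tos 0x0, ttl 64, id 100, offset 0, flags [DF], proto TCP (6), length 60) 192.0.2.10.40000 > 198.51.100.2.443: S 5:5(0) win 5840
Mar  6 10:15:03 pf: 000000 rule 53/0(match): block in on em0: (tos 0x0, ttl 52, id 4412, offset 0, flags [DF], proto TCP (6), length 60) 203.0.113.7.51240 > 198.51.100.2.23: S 2:2(0) win 5840
Mar  6 10:15:04 pf: 000000 rule 53/0(match): block in on em0: (tos 0x0, ttl 49, id 77, offset 0, flags [none], proto ICMP (1), length 84) 203.0.113.9 > 198.51.100.2: ICMP echo request, id 1, seq 1, length 64
Mar  6 10:15:05 pf: 000000 rule 53/0(match): block in on em0: (tos 0x0, ttl 52, id 4413, offset 0, flags [DF], proto TCP (6), length 60) 203.0.113.7.51250 > 198.51.100.2.3389: S 3:3(0) win 5840
EOF
}

# On the firewall: clog /var/log/filter.log | blocked_sources
# (no -f here: the totals are only printed once the input ends)
sample_log | blocked_sources
```

Review the resulting list before adding anything to a block list: source addresses on blocked packets can be spoofed or shared by legitimate users.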
                • sam_son

                  Thanks jimp,

                  I think I'm barking up the wrong tree and there must be tools available for log analysis. It would have been nice to have a basic command line real time log to view the baddies. I would then just add them once in a while to the block list. Alternatively I'm sure there is somewhere on the internet that lists prone spammers etc.

                  I will continue my journey.

                  I would think that Snort needed installing on a separate machine and the use of snort2pfsense implemented. To be honest the chances of me getting that all working at the moment are fairly slim. My time is limited and my Linux skills are also not brilliant but I am learning slowly but surely.

                  http://www.bellera.cat/josep/snort2pfsense/

                  Cheers

                  Sam

                  • jimp Rebel Alliance Developer Netgate

                    With my recent changes to the dashboard it was actually fairly trivial to write a CLI log parser. It just reads from STDIN and uses the existing log parsing functions.

                    I'll see if I can get it polished up and into the next dashboard package. It may not really belong there, per se, but since it requires changes I just made, it may be unavoidable.

                    Be on the lookout for dashboard-0.7.4 on the package list by the end of the weekend.

                    • sam_son

                      Many thanks jimp,

                      I'm not entirely sure what the dashboard is for but any further help with this subject would be appreciated. Forgive my ignorance, I looked up the dashboard under packages and could not find any info on it.

                      Regards

                      Sam

                      • jimp Rebel Alliance Developer Netgate

                        The dashboard package replaces the main page of the pfSense router with a fancier version that has customizable widgets. There are widgets that show system information, traffic graphs, firewall logs, interface status, service status, and more.

                        For a while the filter log part of the dashboard was broken, and I made some changes to the code that fixed it. As a part of those changes, I also added the command line parser I mentioned.

                        The version with the CLI parser should be online now, I posted it late Saturday night.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.