4. Rule name in filter.log

Rule name in filter.log

  • M

    Hi all

    Is it possible to get the rule name which is blocking a connection.

    Have a look at this filter.log entry:

    
Dec 29 01:20:17 x13 pf: 00:00:02.930278 rule 41/0(match): block in on vr2: (tos 0x0, ttl 106, id 22828, offset 0, flags [DF], proto TCP (6), length 48)
Dec 29 01:20:17 x13 pf:     61.38.162.67.4668 > X.X.X.X.445: Flags [s], cksum 0xdb45 (correct), seq 2986860058, win 65535, options [mss 1460,nop,nop,sackOK], length 0

As you can see, rule 41/0 matched. How can I show the name of the rule (to identify it)?

Thanks in advance
mki[/s]
    0
  • Rebel Alliance

    Try with:

    
pfctl -vvsr
    0
  • M

    I am sending my filter logs to a syslog server. Is it possible to have the rule name in the log entries?

    0
  • Rebel Alliance Developer Netgate

    No. There is no way to embed that information in the logs directly. The rule number is all you can get, and because that can potentially change periodically, it can be tough to nail down exactly. There are many discussions about this around the forum, search a bit and you'll find them.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy