4. Rule name in filter.log

Rule name in filter.log

  • M

    Hi all

    Is it possible to get the rule name which is blocking a connection.

    Have a look at this filter.log entry:

    
Dec 29 01:20:17 x13 pf: 00:00:02.930278 rule 41/0(match): block in on vr2: (tos 0x0, ttl 106, id 22828, offset 0, flags [DF], proto TCP (6), length 48)
Dec 29 01:20:17 x13 pf:     61.38.162.67.4668 > X.X.X.X.445: Flags [s], cksum 0xdb45 (correct), seq 2986860058, win 65535, options [mss 1460,nop,nop,sackOK], length 0

As you can see, rule 41/0 matched. How can I show the name of the rule (to identify it)?

Thanks in advance
mki[/s]
    0
  • Rebel Alliance

    Try with:

    
pfctl -vvsr
    0
  • M

    I am sending my filter logs to a syslog server. Is it possible to have the rule name in the log entries?

    0
  • Rebel Alliance Developer Netgate

    No. There is no way to embed that information in the logs directly. The rule number is all you can get, and because that can potentially change periodically, it can be tough to nail down exactly. There are many discussions about this around the forum, search a bit and you'll find them.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy