    Dump all blocked packets?

    • ?
      Guest last edited by

      Is it possible to do a tcpdump on all the packets that the firewall blocks?

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        No, there isn't. The firewall log is obtained using tcpdump on the pflog interface, but it doesn't capture the full packet, just the header and in some cases a partial payload.

        If you run a packet capture directly on the interface, you'll get all packets, passed and blocked.

        • ?
          Guest last edited by

          Thanks for the info! I was closing my eyes and hoping there was a magic bullet.

          • S
            SeventhSon last edited by

            Would there be a way to do a firewall rule with a "redirect" to send it to a separate interface with a host capturing there? Maybe with the Gateway option under the Advanced Options for a firewall rule? Haven't tried this myself now…

            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              Not in the GUI.

              pf has a dup-to keyword, iirc, but we don't have any way to express that in the GUI. Even so I think it only works on passed/routed packets and not blocked, but I may be wrong.

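The header-only records that the pflog interface provides, as described in the first reply, are still enough to see what is being blocked. The following Python code is an added example, not part of the thread or of pfSense: it parses saved text output of `tcpdump -n -e -ttt -i pflog0` and counts blocked IPv4 packets per flow. The sample lines are constructed, and the line layout is an assumption that varies between pf and tcpdump versions.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed shape of
# `tcpdump -n -e -ttt -i pflog0` output (not captured from a real firewall).
SAMPLE = """\
00:00:00.000000 rule 4/0(match): block in on em0: 203.0.113.5.51234 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
00:00:00.412310 rule 4/0(match): block in on em0: 203.0.113.5.51235 > 192.0.2.10.23: Flags [S], seq 2, win 1024, length 0
00:00:01.100200 rule 7/0(match): pass in on em1: 192.168.1.20.40000 > 198.51.100.7.443: Flags [S], seq 3, win 65535, length 0
00:00:02.000100 rule 4/0(match): block in on em0: 198.51.100.99 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
00:00:02.500000 rule 9/0(match): block out on em1: 192.168.1.30.5353 > 224.0.0.251.5353: UDP, length 45
"""

# pflog header printed by -e: rule number, reason, action, direction, interface.
# The address part is IPv4 only; the port is absent for ICMP and similar.
PFLOG = re.compile(
    r"rule (?P<rule>\S+?)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)"
)


def parse(line):
    """Return the pflog fields of one tcpdump line, or None if it does not match."""
    m = PFLOG.search(line)
    return m.groupdict() if m else None


def blocked_summary(text):
    """Count blocked packets per (interface, direction, src, dst, dst port)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "block":
            key = (rec["iface"], rec["dir"], rec["src"], rec["dst"], rec["dport"])
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for key, count in blocked_summary(SAMPLE).most_common():
        print(count, key)
```

Lines that do not match the pattern, including IPv6 traffic, are skipped rather than counted.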
