I'm trying to set up a pf firewall. I'd like to log all the dropped packets.
Here's my pf.conf so far:
Code:
tcp_internet_out="{53, 80, 443, 123}"
udp_internet_out="{53}"
block log all
pass in quick on lo0
pass out quick on lo0
pass in quick on re0 inet proto tcp from any to (re0) port 22
pass out quick on re0 inet proto tcp from (re0) to any port $tcp_internet_out
pass out quick on re0 inet proto udp from (re0) to any port $udp_internet_out
pass in quick on re0 inet proto icmp from any to (re0) icmp-type echoreq
I'm not sure of the
block log all
syntax but I found examples that used it on the internet. I tried many other variants but none work.
I use
$ sudo service pf restart
to reload the rules, and then:
$ sudo service pflog restart
to (re)-start the logging service.
As advised here: http://www.openbsd.org/faq/pf/logging.html I use
$ sudo tcpdump -n -e -ttt -i pflog0
to try to monitor the logs but nothing appears when I do that. No packets.
I attempted to telnet many ports, wget, nmap the host, but nothing appears in the log. Nothing.
What am I doing wrong?