PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
Get working with pfctl -vvsr output
$ sudo pfctl -vvsr @0 block return log all [ Evaluations: 2414 Packets: 443 Bytes: 28447 States: 0 ] [ Inserted: uid 0 pid 24129 State Creations: 0 ] @1 block return log quick from <abusive_hosts:4> to any [ Evaluations: 2414 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 24129 State Creations: 0 ] @2 match in all scrub (no-df max-mss 1440) [ Evaluations: 2414 Packets: 7253 Bytes: 864340 States: 41 ] [ Inserted: uid 0 pid 24129 State Creations: 1244 ] @3 anchor "ftp-proxy/*" all
Trace your packet's path through the logic in the loaded rule set.
What's the last matching rule? Any quick rules to watch for?