PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
pflog log data include rule number matched in the loaded rule set
$ sudo tcpdump -nettti pflog0 tcpdump: WARNING: snaplen raised from 116 to 160 tcpdump: listening on pflog0, link-type PFLOG Feb 09 21:56:32.101323 rule 0/(match) match in on xl0: 46.137.7.164.25006 > 213.187.179.198.53: 56777% [1au][|domain] Feb 09 21:56:32.101376 rule 227/(match) pass in on xl0: 46.137.7.164.25006 > 213.187.179.198.53: 56777% [1au][|domain] Feb 09 21:56:32.132560 rule 0/(match) match in on xl0: 46.137.7.164.42543 > 213.187.179.198.53: 23527% [1au][|domain] Feb 09 21:56:32.132591 rule 227/(match) pass in on xl0: 46.137.7.164.42543 > 213.187.179.198.53: 23527% [1au][|domain] Feb 09 21:56:32.432639 rule 0/(match) match in on ral0: 10.168.103.15.44519 > 199.59.148.30.80: S 4250570822:4250570822(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1978946988[|tcp]> (DF) Feb 09 21:56:32.432705 rule 114/(match) pass in on ral0: 10.168.103.15.44519 > 199.59.148.30.80: S 4250570822:4250570822(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1978946988[|tcp]> (DF) Feb 09 21:56:32.432734 rule 3/(match) match out on xl0: 213.187.179.198.44519 > 199.59.148.30.80: S 4250570822:4250570822(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1978946988[|tcp]> Feb 09 21:56:32.432744 rule 5/(match) match out on xl0: 213.187.179.198.44519 > 199.59.148.30.80: S 4250570822:4250570822(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1978946988[|tcp]> Feb 09 21:56:32.432768 rule 114/(match) pass out on xl0: 213.187.179.198.44519 > 199.59.148.30.80: S 4250570822:4250570822(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1978946988[|tcp]>
match to pfctl -vvsr output