PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
PF logs via the pflogN interfaces, pflogd collects data, stores in /var/log/pflog.
peter@skapet:~$ sudo tcpdump -n -e -ttt -i pflog0 tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: listening on pflog0, link-type PFLOG Feb 16 16:43:20.152187 rule 0/(match) block in on ep0: 194.54.59.189.2559 > 194.54.107.19.139: [|tcp] (DF) Feb 16 16:48:26.073244 rule 27/(match) pass in on ep0: 61.213.167.236 > 194.54.107.19: icmp: echo request Feb 16 16:49:09.563448 rule 0/(match) block in on ep0: 61.152.249.148.80 > 194.54.107.19.55609: [|tcp] Feb 16 16:49:14.601022 rule 0/(match) block in on ep0: 194.54.59.189.3056 > 194.54.107.19.139: [|tcp] (DF) Feb 16 16:53:10.110110 rule 0/(match) block in on ep0: 68.194.177.173 > 194.54.107.19: [|icmp] Feb 16 16:55:54.818549 rule 27/(match) pass in on ep0: 61.213.167.237 > 194.54.107.19: icmp: echo request Feb 16 16:57:55.577782 rule 27/(match) pass in on ep0: 202.43.202.16 > 194.54.107.19: icmp: echo request