| Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016 | ||
|---|---|---|
| Prev | Next | |
Crucial for tracking what actually happens to a packet, once a packet matches the log (matches) rule, all subsequent rule matches for the packet are logged.
match in log (matches) on $int_if from $testhost tag testhost
One website lookup:
Apr 29 21:08:24.386474 rule 3/(match) match in on em0: 192.168.103.44.14054 > 81.93.163.115.80: S 1381487359:1381487359(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 735353043[|tcp]> (DF) Apr 29 21:08:24.386487 rule 11/(match) block in on em0: 192.168.103.44.14054 > 81.93.163.115.80: S 1381487359:1381487359(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 735353043[|tcp]> (DF) Apr 29 21:08:24.386497 rule 17/(match) pass in on em0: 192.168.103.44.14054 > 81.93.163.115.80: S 1381487359:1381487359(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 735353043[|tcp]> (DF) Apr 29 21:08:24.386513 rule 17/(match) pass in on em0: 192.168.103.44.14054 > 81.93.163.115.80: S 1381487359:1381487359(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 735353043[|tcp]> (DF) Apr 29 21:08:24.386553 rule 5/(match) match out on xl0: 213.187.179.198.14054 > 81.93.163.115.80: S 1381487359:1381487359(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 735353043[|tcp]> (DF) Apr 29 21:08:24.386568 rule 16/(match) pass out on xl0: 213.187.179.198.14054 > 81.93.163.115.80: S 1381487359:1381487359(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 735353043[|tcp]> (DF)