As long as PF is enabled and you haven't done a 'set skip on interface'. Putting block log all' at the start of the policy will catch everything hitting the default deny and adding 'log' to the access rules will record everything else.
If you're using the platform as a multihomed firewall, it may make life simpler to grant the egress interfaces access by default, and put security policy enforcement on the ingress interface. Regards Greg > -----Original Message----- > From: Michael [mailto:[email protected]] > Sent: 09 March 2011 9:41 AM > To: Greg Hennessy > Cc: [email protected] > Subject: Re: multiple loginterface > > On 09/03/2011 09:29, Greg Hennessy wrote: > > What's the likely use case ? Jails ? > > > > I was thinking about something else, please correct me if I'm wrong. I'm using > two interfaces to get online on a regular basis, one is gsm and another one is > wifi. > I want to monitor both of them at any given time so I thought I need multiple > loginterfaces? > > Michael
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
