Don't get me wrong. I get your point.
I guess when using your method, I need to put in rule by rule, to test each "pass" rule on its own - okay, no problem. But ... :D
I also need to test a mix of 300 nat/binat/rdr rules out of 10 networks.
So the pass quick rule can't help me, because the nat rules still get evaluated and filtered (rule order), or am I wrong?

I'm looking for something like pfctl -vv -n -f /etc/pf.conf for the pf set, which logs against a "virtual" rule set that will not take any action except logging the theoretical action to pflog0.

On 15.06.2017 at 21:47, Mike Tancsa wrote:
On 6/15/2017 3:32 PM, Malte Graebner wrote:
Using the quick phrase has the side effect that I'm not able to see if
there are any packets that would be blocked which shouldn't be, because
the whole ruleset (about 500 rules) is not evaluated.
I am not sure I follow, can you rephrase/state the above? Do you mean
the quick pass rule is not being evaluated, even if it's the very first
rule? Perhaps illustrate the condition with a minimal set of pf rules?

If you don't use the pass in {rdr|binat|nat} and make the quick line the
first line, nothing should get evaluated after the quick pass.
Also, I would always add 'log' to all the rules when debugging, so you
see what's actually being hit. There should not be any mysteries that way.

        ---Mike
e.g.: multiple bidirectional nat rules not doing what I expect them
to do. Then I can fix the ruleset without affecting the live
environment. But for that I need to process the whole ruleset, so as not
to get unhandy surprises with some rules when going live.


On 15.06.2017 at 21:18, Mike Tancsa wrote:
On 6/15/2017 2:21 PM, Malte Graebner wrote:
Hello folks,
is there an option to only log all stuff going on via the "log" command,
without taking any action on the traffic flow itself?
Perhaps

pass quick log <make it specific or general as you want>

... quick matches and then no longer evaluates the rules.

     ---Mike
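As an added illustration (not part of either poster's mail), a minimal pf.conf that puts Mike's first-line `pass quick log` next to the translation rules Malte is worried about; the interface name and addresses are constructed placeholders, and the pfctl/tcpdump commands at the end are the standard FreeBSD dry-run and pflog tools.

```pf
# Added example, not from the thread. em0, 192.0.2.0/24 and
# 198.51.100.10 are constructed placeholders.
ext_if = "em0"
lan    = "192.0.2.0/24"

# Translation rules are evaluated before any filter rule, so the
# quick pass below does not stop nat/rdr from being applied. Without
# "pass" on these lines the packet still continues into the filter
# rules, which (and pflog) see it after translation.
nat on $ext_if from $lan to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 8080 -> 198.51.100.10 port 80

# Mike's suggestion: first filter rule, quick + log. A packet that
# matches here is passed and logged, and nothing after it is evaluated.
pass quick log all

# Everything below is unreachable while the line above is in place, so
# the real ruleset can be staged here with "log" on each rule and
# re-checked after the quick line is removed.
block log all
pass log proto tcp from $lan to any port 22

# Check syntax and show the parsed rules without loading them:
#   pfctl -nvf /etc/pf.conf
# Watch which rule each logged packet hit:
#   tcpdump -n -e -ttt -i pflog0
```

Because translation still happens first, this staging trick shows what the filter rules would do but not whether the nat/binat/rdr rules themselves are the ones intended.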
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf