Hello, I have an sshd/ftpd/httpd server box, 4.9 stable, and I want to log all blocked packets and send them to /var/log/pfblocklog to be read with tcpdump. What should the rule be, and where should it go?

# $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
#
set skip on lo
### Added by me:
block return
pass in quick log on rl0 proto tcp from any to port 22
pass out quick on rl0 to any
pass in quick log on rl0 proto tcp from any to port 21
pass in quick log on rl0 proto tcp from any to port 80
### End.
# filter rules and anchor for ftp-proxy(8)
anchor "ftp-proxy/*"
pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass # to establish keep-state
# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

Thanks for your attention.
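
One way to get what the post asks for, as an added example that is not part of the original post: pf logs a packet only when the rule that decides it carries `log`, so the default `block` rule gets `log (to pflog1)` and a second pflogd writes that interface to /var/log/pfblocklog. The pflog1 interface and the second pflogd instance are assumptions of this example; it also leaves out the posted file's non-quick `pass` line, because pf applies the last matching rule and that line would override the block.

```pf
# Added example, not the poster's file. Assumed one-time setup (as root):
#   ifconfig pflog1 create
#   ifconfig pflog1 up
#   pflogd -i pflog1 -f /var/log/pfblocklog
# The stock pflogd keeps writing pflog0 to /var/log/pflog as before.

set skip on lo

# Default deny. Every packet whose last matching rule is this one is
# rejected and logged to pflog1 instead of the default pflog0.
block return log (to pflog1)

# Services offered on rl0 (ports taken from the post). No "log" here,
# so accepted connections stay out of the blocked-packet log.
pass in quick on rl0 proto tcp from any to port { 22 21 80 }

# Outbound traffic from the box itself.
pass out quick on rl0

# The X11 rule from the stock file, now logged like the other blocks.
block in log (to pflog1) on ! lo0 proto tcp to port 6000:6010

# Check the ruleset without loading it:   pfctl -nf /etc/pf.conf
# Load it:                                pfctl -f /etc/pf.conf
# Read the saved log:                     tcpdump -n -e -ttt -r /var/log/pfblocklog
# Watch blocks live:                      tcpdump -n -e -ttt -i pflog1
```

The `-e` flag makes tcpdump print the pf rule number, action and interface for each logged packet. With default deny in place, FTP data connections are not covered by the port 21 rule and need their own handling.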