Hi,

Try this:
block return log

Cheers,

Wesley.

On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez <fquinon...@gmail.com>
wrote:
> Hello
> 
> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all
> blocked packets, and send them to /var/log/pfblocklog to be read with
> tcpdump. What and where should be the rule?
> 
> #     $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
> #
> 
> set skip on lo
> 
> ### Added by me:
> block return
> 
> pass in quick log on rl0 proto tcp from any to port 22
> pass out quick on rl0 to any
> pass in quick log on rl0 proto tcp from any to port 21
> pass in quick log on rl0 proto tcp from any to port 80
> 
> ### End.
> 
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
> 
> pass          # to establish keep-state
> 
> # By default, do not permit remote connections to X11
> block in on ! lo0 proto tcp to port 6000:6010
> 
> Thanks for your attention.
