Also, you can see a sample on http://mouedine.net/ruleset49.aspx
Wesley. On Wed, 20 Jul 2011 14:27:27 +0400, Wesley MOUEDINE ASSABY <open...@e-solutions.re> wrote: > Hi, > > Try this: > block log return > > Cheers, > > Wesley. > > On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez <fquinon...@gmail.com> > wrote: >> Hello >> >> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all >> blocked packets, and send them to /var/log/pfblocklog to be read with >> tcpdump. What and where should be the rule? >> >> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $ >> # >> >> set skip on lo >> >> ### Agregadas por mi: (added by me) >> block return >> >> pass in quick log on rl0 proto tcp from any to port 22 >> pass out quick on rl0 to any >> pass in quick log on rl0 proto tcp from any to port 21 >> pass in quick log on rl0 proto tcp from any to port 80 >> >> ### Fin. (end) >> >> # filter rules and anchor for ftp-proxy(8) >> anchor "ftp-proxy/*" >> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 >> >> pass # to establish keep-state >> >> # By default, do not permit remote connections to X11 >> block in on ! lo0 proto tcp to port 6000:6010 >> >> Thanks for your attention.
