Thank you all. Thanks to your indications, i've found my problem. It was just a block line (when i really looked at it, i still ask why she was here) which was at the end of my block group.
I removed it, and my logging worked fine. Pierre, yes i know all these things. I use pf since OpenBSD 3.4, and i'm spent more time on pf than any other firewall. But, as i just did, i could still do some stupid stuff. 2009/3/9 Pierre Lamy <pie...@userid.org> > Without the "quick" keyword, pf evaluates all of your rules and if a > more-permissive rule exists to match the traffic flow, it is used. This is > different than some commercial firewalls such as Check Point which stop when > the traffic matches a rule, and the rules are processed in order. > > It's common in a pf setup, to block all at the beginning of the security > rules, without the quick keyword, and then add the pass rules afterwards. > Anything not matching a pass rule would by default hit your first block all > rule. > > If you are very used to an in-order-stop-when-match firewall then using > quick on every rule will be more familiar to you, and your block quick log > all should be at the bottom of your rulebase after the pass rules. > > Pierre > > patrick keshishian wrote: > >> On Sun, Mar 8, 2009 at 11:12 AM, Maxx Twayne <maxxtwa...@gmail.com> >> wrote: >> >> >>> Hi, >>> >>> I would like to see all blocked packets with pf. And i used this : >>> >>> block in log on $ext_if all >>> block out log all >>> >>> But when i read on pflog0 on the pflog file, i didn't got any blocked >>> packets. >>> Only the logged pass that i asked. >>> >>> Is there any kind of protection, or i did something wrong ? >>> >>> >> >> hard to tell with the small snippet of your pf.conf you included. It >> could be a problem with your rule-set that allows everything to pass. >> can't tell with the info you provided. >> >> --patrick