Hi, I'm asking something that doesn't have an absolute answer, but everyone could give his idea.

Is it useful to log with PF? I mean, is it useful to log at this level? If, for example, I let pass only HTTP traffic (port 80) and SSH (port 22) to my server, why should I log port scanning or missed connections to other ports? How could this be useful? My opinion is not to log on PF, and to let an IDS do the dirty work inside the LAN. Maybe it could be "smarter" to log errors for application proxies like ftp-proxy, but really few people use it as an application proxy from the wild internet to the LAN. (Most people use it to permit active FTP with NAT, so from the LAN to the internet.)

Thanks to anyone who will contribute with his ideas.

Ed
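For reference, here is what the setup described in the question looks like as a pf.conf fragment with logging enabled on the block rule only. This is an added illustration, not the poster's configuration; the interface name `em0`, the address `192.0.2.10` and the `/var/log/pflog` path are assumptions.

```pf
# Added example (not from the original post): pass only HTTP and SSH to the
# server, drop everything else, and record the drops on the pflog interface.
# "em0" and 192.0.2.10 are placeholders for the external interface and server.
ext_if = "em0"
srv    = "192.0.2.10"
tcp_services = "{ 22, 80 }"

set skip on lo

# Log only what is blocked. pass rules stay unlogged, so accepted HTTP/SSH
# traffic adds nothing to the log; only probes and missed connections do.
block in log on $ext_if

pass in on $ext_if proto tcp from any to $srv port $tcp_services \
    flags S/SA keep state

# Outbound traffic from the server is allowed without logging.
pass out on $ext_if keep state
```

With this, logged packets go to the pflog0 interface and, where pflogd is running, into the /var/log/pflog capture file, which is read back with `tcpdump -n -e -ttt -r /var/log/pflog`. Because only the block rule carries `log`, the cost scales with the number of rejected packets rather than with legitimate traffic, which is the trade-off the question is really about: the log is cheap, but whether anyone looks at it is a separate matter.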