> Is it possible to bring up more than one pflog interfaces on PF, like > pflog0, pflog1,...etc, and be able to have a rule log to a specific > interface? I tried Block on log pflog0 .... and made a syntax error - would > this be a 'good thing' for PF?
you can listen multiple times on the same pflog0 and use bpf filters to split them up pflogd0 -f /var/log/pf.blocked action block pflogd0 -f /var/log/pf.passed action pass pflogd0 -f /var/log/pf.rule.15 rulenum 15 pflogd0 -f /var/log/pf.fxp0 on fxp0 etc. .mike
