Hi, On Wed, 4 Feb 2004, Ray wrote:
> Is it possible to log the OS of a passed/blocked packet, instead > of just using the OS for filtering? I am trying to do an analysis > of what OSes are typically used for, say, spamming. You can use 'label' on your 'pass in' rule for SMTP with OS fingerprinting. But unfortunately, there is no '$os' macro to use with label. Then, you must split your SMTP rule in N rules for each OS with associated label. One rule for each OS you want to trace. ex : pass in log on $EXT inet proto tcp port = smtp os Windows keep state label Windows A++ Foxy -- Laurent Cheylus <[EMAIL PROTECTED]> OpenPGP ID 0x5B766EC2