> I have another soekris running 2.0-BETA2 and seeing the following in the
> logs from it (it's not logging source or destination). Be nice to have
> the source IP address...
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> Jun 8 21:47:21 proxy pf: 00:00:00.000350 rule 2/0(match): block in on sis0:
> (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 243)
> Jun 8 21:47:21 proxy pf: 00:00:00.000302 rule 2/0(match): block in on sis0:
> (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 235)
> Jun 8 21:47:21 proxy pf: 00:00:00.000290 rule 2/0(match): block in on sis0:
> (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 243)
> Jun 8 21:47:21 proxy pf: 00:00:00.000289 rule 2/0(match): block in on sis0:
> (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 243)

On 2.0 the pf logs are split into two lines. You need the line after this to see the remainder of the log info.

As for the ports you are seeing, they don't look familiar to me, but going by the list here:
https://isc.sans.org/port.html
They aren't common in terms of source or destination ports seen.

https://isc.sans.org/port.html?port=19295
https://isc.sans.org/port.html?port=19296
https://isc.sans.org/port.html?port=61891

Jim
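
One way to rejoin the two-line entries described in the reply so each block event carries its source and destination. This is an added example, not code from the thread or from pfSense; the layout of the continuation line, the addresses and the helper names are assumptions.

```python
import re

# Constructed sample. Header lines copy the format quoted in the thread; the
# continuation lines are an ASSUMED tcpdump-style layout using documentation
# addresses (192.0.2.0/24), they are not output taken from the thread.
HDR = ("Jun 8 21:47:2{} proxy pf: 00:00:00.000350 rule 2/0(match): block in on sis0: "
       "(tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length {})")
SAMPLE = [
    HDR.format(1, 243),
    "Jun 8 21:47:21 proxy pf:     192.0.2.10.19295 > 192.0.2.255.19296: UDP, length 215",
    HDR.format(1, 235),
    "Jun 8 21:47:21 proxy pf:     192.0.2.10.61891 > 192.0.2.255.19296: UDP, length 207",
    HDR.format(2, 243),  # header whose continuation line is missing
]

HEADER = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s[\d:]{8}) \S+ pf: \S+ rule (?P<rule>\d+)/\d+\(match\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"\(.*proto (?P<proto>\w+) \(\d+\), length (?P<length>\d+)\)")
ADDR = re.compile(r"pf:\s+(?P<src>\S+) > (?P<dst>\S+):")

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' (IPv4, assumed layout) into (address, port)."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port)

def join_pf_entries(lines):
    """Pair each header line with the continuation line that follows it."""
    entries, pending = [], None
    for line in lines:
        head = HEADER.match(line)
        if head:
            if pending:                 # previous header never got its second line
                entries.append(pending)
            pending = dict(head.groupdict(), src=None, dst=None)
            continue
        addr = ADDR.search(line)
        if addr and pending:            # continuation without a header is skipped
            pending["src"] = split_endpoint(addr["src"])
            pending["dst"] = split_endpoint(addr["dst"])
            entries.append(pending)
            pending = None
    if pending:
        entries.append(pending)
    return entries

if __name__ == "__main__":
    for e in join_pf_entries(SAMPLE):
        print(e["time"], e["action"], e["iface"], e["proto"], e["src"], "->", e["dst"])
```

Entries whose `src` is `None` are headers that arrived without their second line, which is the situation shown in the quoted log excerpt.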