DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security
Reload this Page pfctl -s info counters don't change
FAQ Search Today's Posts Mark Forums Read

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th July 2008
audio audio is offline
Port Guard
  
Join Date: May 2008
Posts: 17
Thanked 0 Times in 0 Posts
Default pfctl -s info counters don't change
Here is the nmap command I'm using to try to change counters other than match when I type pfctl -s info

Quote:
nmap --ip-options "R" --mtu 8 -sA --ttl 1 192.168.1.112
I'm scrubbing inbound traffic so shouldn't that command change a number of PF statistics other than just "match"? I'd like to be able to verify someway that PF is actually working. For example it is actually scrubbing traffic, and everything I've tried hasn't worked.
Last edited by audio; 16th July 2008 at 08:18 PM.
Reply With Quote
  #2   (View Single Post)  
Old 16th July 2008
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 2,798
Thanked 182 Times in 149 Posts
Default
Add some log modifiers to your pf ruleset. Then you can use tcpdump -eni pflog0 to verify which rule matched a packet.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 16th July 2008
audio audio is offline
Port Guard
  
Join Date: May 2008
Posts: 17
Thanked 0 Times in 0 Posts
Default
Quote:
Originally Posted by J65nko View Post
Add some log modifiers to your pf ruleset. Then you can use tcpdump -eni pflog0 to verify which rule matched a packet.
I can do that, but for example if I do a tcpdump -eni pflog0 not reason match" then I don't get any results. There are a lot of other reasons in the PF manual such as bad-offset, fragment, short, normalize, memory, etc., and I'd like to be able to trigger those and see them in the logs, or in the pf info stats.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
uncovering network info? evilunixuser Other OS 2 2nd June 2009 04:35 PM
Using a LiveCD to gather info phreud FreeBSD Installation and Upgrading 9 14th November 2008 11:43 PM
port info sniper007 FreeBSD General 6 14th November 2008 10:46 AM
PF and label counters espenfjo FreeBSD General 2 2nd July 2008 03:17 PM
README (Forum Rules and Info) Carpetsmoker Forum Announcements 0 30th April 2008 04:22 PM


All times are GMT. The time now is 08:51 PM.

DaemonForums.org RSS Feeds - Contact Us - DaemonForums.org - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick