loggdata fra pflog inneholder regelnummer i aktivt regelsett
$ sudo tcpdump -nettti pflog0 tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: listening on pflog0, link-type PFLOG Sep 13 15:26:52.122002 rule 17/(match) pass in on epic0: 91.143.126.48.46618 > 194.54.103.65.22: [|tcp] (DF) Sep 13 15:28:02.771442 rule 12/(match) pass in on epic0: 194.54.107.19.8025 > 194.54.107.18.8025: udp 50 Sep 13 15:28:02.773958 rule 10/(match) pass in on epic0: 194.54.107.19.8025 > 194.54.103.65.8025: udp 50 Sep 13 15:29:27.882888 rule 10/(match) pass in on epic0: 194.54.107.19.29774 > 194.54.103.65.53:[|domain] Sep 13 15:29:28.394320 rule 12/(match) pass in on epic0: 194.54.107.19.29774 > 194.54.107.18.53:[|domain]
jamfør med pfctl -vvsr
$ sudo pfctl -vvsr @0 scrub in all fragment reassemble [ Evaluations: 6116699 Packets: 3069556 Bytes: 646214426 States: 0 ] [ Inserted: uid 0 pid 2006 ] @0 block return log all [ Evaluations: 102723 Packets: 2539 Bytes: 269448 States: 0 ] [ Inserted: uid 0 pid 2006 ] @1 block return log quick from <bruteforce:1> to any [ Evaluations: 102723 Packets: 40 Bytes: 2384 States: 0 ] [ Inserted: uid 0 pid 2006 ] @2 anchor "ftp-proxy/*" all [ Evaluations: 102683 Packets: 28044 Bytes: 22617668 States: 0 ] [ Inserted: uid 0 pid 2006 ]