Hello,
I recently set up PF to work on a server. Everything seems to be going well except that nothing is showing up in pflog.
Here is what I have:
Code:
root@Spider:~ # uname -r
13.1-RELEASE
My /etc/rc.conf (partial)
Code:
## PF firewall
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
##
pf status
Code:
root@Spider:~ # service pf status
Status: Enabled for 0 days 22:21:23 Debug: Urgent
Interface Stats for bge1 IPv4 IPv6
Bytes In 632082 0
Bytes Out 626008 0
Packets In
Passed 7439 0
Blocked 245 0
Packets Out
Passed 19 0
Blocked 0 0
State Table Total Rate
current entries 5
searches 15123 0.2/s
inserts 6143 0.1/s
removals 6138 0.1/s
Counters
match 6409 0.1/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
map-failed 0 0.0/s
pf.conf
Code:
root@Spider:~ # less /usr/local/etc/pf.conf
# /usr/local/etc/pf.conf
## Set your public interface ##
ext_if="bge1"
## Set your server public IP address ##
ext_if_ip="xxx.xxx.xxx.89"
## Set and drop these IP ranges on public interface ##
martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
0.0.0.0/8, 240.0.0.0/4 }"
## Set http(80)/https (443) port here ##
webports = "{http, https}"
## enable these services ##
int_tcp_services = "{domain, ntp, smtp, www, https, ftp}"
int_udp_services = "{domain, ntp}"
## Skip loop back interface - Skip all PF processing on interface ##
set skip on lo
## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ##
set loginterface $ext_if
# Deal with attacks based on incorrect handling of packet fragments
scrub in all
## Set default policy ##
block return in log all
block out all
# Drop all Non-Routable Addresses
block drop in quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians
## Blocking spoofed packets
antispoof quick for $ext_if
# Open SSH port which is listening on port 444
## Use the following rule to enable ssh for ALL users from any IP address #
## pass in inet proto tcp to $ext_if port ssh
### [ OR ] ###
pass in inet proto tcp to $ext_if port 444
# Allow icmp stuff. Be a good sysadmin
pass inet proto icmp from any to any
# All access to our Nginx/Apache/Lighttpd Webserver ports
pass proto tcp from any to $ext_if port $webports
# Allow essential outgoing traffic
pass out quick on $ext_if proto tcp to any port $int_tcp_services
pass out quick on $ext_if proto udp to any port $int_udp_services
# Add custom rules below
# Allow DNS
pass in on $ext_if proto tcp from any to ($ext_if) port 53
pass in on $ext_if proto udp to ($ext_if) port 53
The issue is nothing shows up in the pflog.
Code:
root@Spider:~ # tcpdump -n -e -ttt -r /var/log/pflog
tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0
ls -l
Code:
drwxr-xr-x 24 root wheel 512 Jun 30 05:43 var
drwxr-xr-x 3 root wheel 1536 Nov 10 09:00 log
-rw-r--r-- 1 root wheel 0 Nov 9 22:00 pflog
So what am I doing wrong that I am not getting any logs?
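Added example, not code from the poster or from FreeBSD: two offline checks that separate the usual causes of an empty pflog file. First, pflogd writes the 24-byte pcap file header the moment it starts, so a file that is exactly 0 bytes (which is what tcpdump's "tried to read 4 file header bytes, only got 0" means) has never been opened by pflogd, independent of the rule set; the pflog service status is the first thing to verify. Second, pf only hands a packet to pflog0 for rules that carry the `log` keyword, so rules such as `block out all` or the `block drop ... quick` martian rules never produce a record no matter how much they block. The pf.conf excerpt below is a constructed sample echoing the posted rules, and the pcap header is constructed with an assumed snaplen of 160.

```python
"""Added example (not the poster's code): two offline checks for an empty
/var/log/pflog. Sample inputs below are constructed for the demonstration."""
import struct

# Standard pcap magic numbers (both byte orders, microsecond and nanosecond
# variants) and the link type pflogd records with (DLT_PFLOG = 117).
PCAP_MAGIC_LE = {0xA1B2C3D4, 0xA1B23C4D}
PCAP_MAGIC_BE = {0xD4C3B2A1, 0x4D3CB2A1}
DLT_PFLOG = 117
PCAP_FILE_HEADER_LEN = 24

# Only these rule keywords accept the 'log' option in pf.conf.
LOGGABLE = ("block", "pass", "match", "antispoof")


def _logical_lines(text):
    """Yield (first_line_no, line) with backslash-newline continuations joined,
    so a multi-line macro like the martians list counts as one line."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(raw)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def rules_without_log(pf_conf):
    """Return [(line_no, rule)] for every block/pass/match/antispoof rule that
    has no 'log' keyword. pf only hands packets to pflog0 for rules that say
    'log', so these rules can never produce a pflog record."""
    missing = []
    for n, line in _logical_lines(pf_conf):
        rule = line.split("#", 1)[0].strip()
        words = rule.split()
        if not words or words[0] not in LOGGABLE:
            continue
        if "log" in words or any(w.startswith("log(") for w in words):
            continue
        missing.append((n, rule))
    return missing


def pflog_file_status(data):
    """Classify the raw bytes of a pflog file. pflogd writes the 24-byte pcap
    file header as soon as it starts, so a 0-byte file means pflogd has never
    opened it (tcpdump reports 'tried to read 4 file header bytes, only got 0')."""
    if len(data) == 0:
        return "empty"
    if len(data) < PCAP_FILE_HEADER_LEN:
        return "truncated"
    magic = struct.unpack("<I", data[:4])[0]
    if magic in PCAP_MAGIC_LE:
        order = "<"
    elif magic in PCAP_MAGIC_BE:
        order = ">"
    else:
        return "not-pcap"
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype != DLT_PFLOG:
        return "wrong-linktype:%d" % linktype
    return "ok:%d" % (len(data) - PCAP_FILE_HEADER_LEN)


# Constructed excerpt echoing the rules from the post (not the full file).
SAMPLE_PF_CONF = """\
ext_if="bge1"
martians = "{ 127.0.0.0/8, 192.168.0.0/16, \\
    10.0.0.0/8 }"
set skip on lo
set loginterface $ext_if
scrub in all
block return in log all
block out all
block drop in quick on $ext_if from $martians to any
antispoof quick for $ext_if
pass in inet proto tcp to $ext_if port 444
pass in log (all) on $ext_if proto udp to ($ext_if) port 53
"""

# Constructed pcap file header as pflogd would write it: little-endian magic,
# version 2.4, zero timezone/sigfigs, snaplen 160 (assumed), DLT_PFLOG.
SAMPLE_PFLOG_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 160, DLT_PFLOG)

if __name__ == "__main__":
    for n, rule in rules_without_log(SAMPLE_PF_CONF):
        print("line %d never logs: %s" % (n, rule))
    print("empty file:", pflog_file_status(b""))
    print("fresh pflogd file:", pflog_file_status(SAMPLE_PFLOG_HEADER))
```

On the live box the same split can be made without the script: `service pflog status` tells you whether pflogd is running at all, and `tcpdump -n -e -ttt -i pflog0` shows records as pf emits them, so if that stays silent while `pfctl -si` keeps counting blocked packets, the rules doing the blocking are ones without `log`.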