First, keep in mind that pflog_logfile is already defined in /etc/defaults/rc.conf, so you don't need to specify it: it's used by default.
How big is /var/log/pflog on your end?
I can somewhat reproduce your problem. I've also set up logging, but mostly for pfctl purposes:
Code:
Interface Stats for bge1              IPv4         IPv6
  Bytes In                      2291323902            0
  Bytes Out                     1761328172            0
  Packets In
    Passed                         5873991            0
    Blocked                          85602            0
  Packets Out
    Passed                         7089566            0
    Blocked                          15640            0
I've also explicitly used set loginterface $ext_if in my setup.
But indeed: despite logging being in effect and despite several blocked packets, my /var/log/pflog file is only 24 bytes. So non-existent.
And I just solved it (I'm usually studying while writing); see also pf.conf(5):
Code:
log     In addition to the action specified, a log message is generated.
        Only the packet that establishes the state is logged, unless the no
        state option is specified. The logged packets are sent to a
        pflog(4) interface, by default pflog0. This interface is monitored
        by the pflogd(8) logging daemon, which dumps the logged packets to
        the file /var/log/pflog in pcap(3) binary format.
So: you need an explicit rule in your firewall configuration which tells it to log those specific packets, and I think you don't have that. PF uses logging in two ways: if you set up a log interface, then it will gather statistics and such, which are then shown using # pfctl -s info; but if you need to actually log packets, you need a specific rule.
For example: block log on $ext_if (I'm always using macros):
Code:
peter@breve:/etc# pfctl -s rules | grep log
block drop log on bge1 all
Hope this can help!
(edit)
Well, I've just added the above rule to my configuration and what do you know...
Code:
peter@breve:/var/log# tcpdump -r /var/log/pflog | wc -l
reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
23
I'm positive that this is the solution to your problem.
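An added example, not part of the post above: a small sh script that checks the two things the reply walks through, whether any active rule actually carries the log keyword and whether /var/log/pflog is still nothing but the 24-byte pcap file header. It assumes BSD stat (-f %z) and that libpcap writes a 24-byte global header, which is why a 24-byte pflog contains no packets.

```shell
#!/bin/sh
# pflogcheck.sh: diagnose why /var/log/pflog stays (almost) empty.
# Assumptions: BSD `stat -f %z` for the file size; the pcap global header
# written by pflogd(8)/libpcap is 24 bytes, so a 24-byte file holds no packets.

# Return 0 if at least one rule in the given `pfctl -s rules` output uses
# the "log" keyword. The rules text is passed as $1 so it can be checked
# offline against constructed input as well as against live pfctl output.
# In pf syntax "log" always precedes "on <ifname>", so the keyword must appear
# among the leading alphabetic words of the rule.
rules_have_log() {
    printf '%s\n' "$1" | grep -Eq '^(pass|block|match)( [a-z]+)* log( |$)'
}

# Classify a pflog file by its size in bytes ($1).
pflog_state() {
    case "$1" in
        0)  echo "empty (no pcap header written yet)" ;;
        24) echo "header-only (pcap file header, no packets logged)" ;;
        *)  echo "has-data" ;;
    esac
}

# Live check: needs root and an enabled pf. Run as: sh pflogcheck.sh check
pflog_check() {
    rules=$(pfctl -s rules 2>/dev/null) || {
        echo "pfctl -s rules failed (run as root with pf enabled)"
        return 1
    }
    if rules_have_log "$rules"; then
        echo "OK: at least one rule carries 'log'"
    else
        echo "No rule uses 'log'; e.g. add:  block log on \$ext_if"
    fi
    size=$(stat -f %z /var/log/pflog 2>/dev/null || echo 0)
    echo "/var/log/pflog: $(pflog_state "$size") ($size bytes)"
    if [ "$size" -gt 24 ]; then
        echo "logged packets: $(tcpdump -n -r /var/log/pflog 2>/dev/null | wc -l)"
    fi
}

case "${1:-}" in
    check) pflog_check ;;
esac
```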