I am learning pf and in order to use it as much as possible, I also use it on my Macbook.
I have created a basic yet stable ruleset, however, I am having trouble reading the logs from tcpdump, precisely this part:
I know the 25 is the line on my anchor ruleset:
however, what is the 8 after the / ? I've looked up into the pf manual and man pf.conf / pfctl and can't quite figure out the syntax.
Mostly because I'm trying to figure out why is that packet being logged because all my pass rules do not have a `log` option.
Any help is greatly appreciated!
I have created a basic yet stable ruleset, however, I am having trouble reading the logs from tcpdump, precisely this part:
Code:
00:01:32.336988 rule 1.com.myanchor.25/8(ip-option): pass in on en0: 192.168.0.1 > 224.0.0.1: igmp query v3I know the 25 is the line on my anchor ruleset:
Code:
@25 pass on en0 proto igmp all keep state
[ Owner : nil Priority : 0 ]however, what is the 8 after the / ? I've looked up into the pf manual and man pf.conf / pfctl and can't quite figure out the syntax.
Mostly because I'm trying to figure out why is that packet being logged because all my pass rules do not have a `log` option.
Any help is greatly appreciated!