PF How To Determine Which Rule Is Allowing Traffic?

Tried to search for an answer, but couldn't find anything relevant.

The problem I have is that some traffic that should be blocked is making it through the firewall, and I can't figure out which firewall rule is allowing it through.

We have a fairly large set of rules, so it's not easy to eyeball.

Any help would be appreciated. Thanks!
 
Hi.

You don't offer any information to go on here so it's kind of hard to offer any help. Can you possibly offer any more information and/or post your ruleset?
 
What I use is # pfctl -sr -gv and look at the States counters. Any non-zero states counter means that the rule in question was the last rule matching and created a state.
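As an added example (not posted by anyone in the thread), this shell filter applies the approach above: it reads `pfctl -sr -gv` output and prints only the rules whose States counter is non-zero. The sample pfctl output is constructed and its layout is approximated from pfctl's verbose rule listing.

```shell
#!/bin/sh
# Added example: keep only the rules in `pfctl -sr -gv` output that have
# created states, i.e. the rules that were the final match for some traffic.
# The sample below is constructed for illustration; real output will differ.
SAMPLE_PFCTL_OUTPUT='@0 block drop in all
  [ Evaluations: 9000      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 812 State Creations: 0     ]
@1 pass in quick on em0 inet proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 8000      Packets: 4210      Bytes: 512000      States: 3     ]
  [ Inserted: uid 0 pid 812 State Creations: 57    ]
@2 pass in quick on em0 inet proto tcp from 10.0.0.0/8 to any port = 3389 flags S/SA keep state
  [ Evaluations: 120       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 812 State Creations: 0     ]
@3 pass out on em0 all flags S/SA keep state
  [ Evaluations: 7000      Packets: 88000     Bytes: 9100000     States: 12    ]
  [ Inserted: uid 0 pid 812 State Creations: 3100  ]'

# Reads pfctl rule output on stdin and prints each rule line whose
# following counter line shows States > 0.  Rule lines start with "@N"
# in debug (-g) output, or with the action keyword without -g.
# Live use: pfctl -sr -gv | rules_with_states
rules_with_states() {
    awk '
        /^@[0-9]+ / || /^(pass|block|match) / { rule = $0; next }
        /States:/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "States:" && $(i + 1) + 0 > 0) { print rule; break }
            }
        }
    '
}

# To pin down one specific connection, clear the per-rule counters with
# `pfctl -z`, reproduce the connection, then run the filter again so only
# the rules touched by that traffic show states.
printf '%s\n' "$SAMPLE_PFCTL_OUTPUT" | rules_with_states
```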
 
protocelt: I wanted to find out if there was a general way to figure out which firewall rule is allowing a specific connection through. I do not wish to post my ruleset.

kpa: Thanks for the tip, but it doesn't look like that will help me very much. Our expanded rules number over 67000, so it's hard to determine which one is the culprit that is allowing the traffic through inadvertently. I'll try to find another way.
 