PF I can't log the blocked packets

japoc

Member

Reaction score: 1
Messages: 92

I'm trying to set up a pf firewall. I'd like to log all the dropped packets.

Here's my pf.conf so far:

Code:
tcp_internet_out="{53, 80, 443, 123}"
udp_internet_out="{53}"

block log all
pass in quick on lo0
pass out quick on lo0
pass in quick on re0 inet proto tcp from any to (re0) port 22
pass out quick on re0 inet proto tcp from (re0) to any port $tcp_internet_out
pass out quick on re0 inet proto udp from (re0) to any port $udp_internet_out
pass in quick on re0 inet proto icmp from any to (re0) icmp-type echoreq
I'm not sure of the block log all syntax but I found examples that used it on the internet. I tried many other variants but none work.

I use $ sudo service pf restart to reload the rules, and then:

$ sudo service pflog restart to (re)-start the logging service.

As advised here: http://www.openbsd.org/faq/pf/logging.html I use $ sudo tcpdump -n -e -ttt -i pflog0 to try to monitor the logs, but nothing appears when I do that. No packets.
I attempted to telnet many ports, wget, nmap the host, but nothing appears in the log. Nothing.

What am I doing wrong?
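Once packets do show up on pflog0, the next thing a defender usually wants is a quick summary of what the `block log` rule is catching (which sources, which local ports). The following is an added example, not code from the poster or from the pf project: a small Python parser for the text that `tcpdump -n -e -ttt -i pflog0` prints, run over a few constructed sample lines. It assumes the line prefix has the form "rule N/M(match): action dir on ifname: src > dst:" and that addresses are IPv4 with tcpdump's trailing ".port" notation; adjust LINE_RE if your tcpdump prints a different prefix.

```python
import re
from collections import Counter

# Constructed sample lines (not real traffic), shaped like the output of
# `tcpdump -n -e -ttt -i pflog0`. The exact prefix format is an assumption
# about the tcpdump build in use; IPv4 only.
SAMPLE_LOG = """\
00:00:00.000000 rule 0/0(match): block in on re0: 203.0.113.7.51234 > 192.0.2.10.23: Flags [S], seq 1, win 64240, length 0
00:00:01.250000 rule 0/0(match): block in on re0: 203.0.113.7.51235 > 192.0.2.10.3389: Flags [S], seq 1, win 64240, length 0
00:00:00.100000 rule 0/0(match): block out on re0: 192.0.2.10.40000 > 198.51.100.5.25: Flags [S], seq 1, win 64240, length 0
00:00:02.000000 rule 0/0(match): block in on re0: 203.0.113.9.40000 > 192.0.2.10.23: Flags [S], seq 1, win 64240, length 0
00:00:00.500000 rule 0/0(match): block in on re0: 203.0.113.7 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
"""

# Assumed pflog line layout: "<delta> rule N/M(reason): <action> <dir> on <iface>: <src> > <dst>: ..."
LINE_RE = re.compile(
    r"^(?P<delta>\S+) rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]*)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\S+) > (?P<dst>[^:]+):"
)


def split_endpoint(endpoint):
    """Split tcpdump's IPv4 'a.b.c.d.port' into (host, port).

    Port is None when the endpoint carries no port (e.g. ICMP)."""
    parts = endpoint.split(".")
    if len(parts) == 5 and parts[4].isdigit():
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None


def parse_pflog(text):
    """Parse tcpdump pflog lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src_host, src_port = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        records.append({
            "rule": int(m["rule"]),
            "action": m["action"],
            "dir": m["dir"],
            "iface": m["iface"],
            "src_host": src_host, "src_port": src_port,
            "dst_host": dst_host, "dst_port": dst_port,
        })
    return records


def blocked_inbound_by_source(records):
    """Count inbound packets dropped by a block rule, per source address."""
    return Counter(r["src_host"] for r in records
                   if r["action"] == "block" and r["dir"] == "in")


def blocked_inbound_ports(records):
    """Count which local ports inbound blocked packets were aimed at (None = no port, e.g. ICMP)."""
    return Counter(r["dst_port"] for r in records
                   if r["action"] == "block" and r["dir"] == "in")


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_LOG)
    for src, n in blocked_inbound_by_source(recs).most_common():
        print(f"{src}: {n} blocked inbound packet(s)")
    for port, n in blocked_inbound_ports(recs).most_common():
        print(f"port {port}: {n} blocked inbound packet(s)")
```

To use it on a live box, pipe the tcpdump output into the parser (for example via `sys.stdin.read()` in place of SAMPLE_LOG). Lines that do not match the expected prefix are skipped rather than raising, so a stray interface-up message or a differently formatted tcpdump build will not abort the summary; if every line is skipped, that itself is a sign the LINE_RE assumption needs checking against your tcpdump version.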