pflogd not logging

[locutus]

I have setup pf and pflog without rebooting for testing. The modules are loaded, rules are online and the pflogd is running, but not logging to the file.

75081  ??  S      0:00.08 pflogd: [running] -s 116 -f /var/log/pflog (pflogd)

I have the following lines in the pf.conf:

....
block log all
....
pass in quick log on $int_if proto tcp from $trusted_ssh_hosts to $int_if port ssh flags S/SA keep state

New ssh_connect are shown in auth.log coming from the IP specified in $trusted_ssh_hosts, but they are not logged in /var/log.pf.conf.

Do i really need to reboot to make the entries in rc.conf work?

 

[SirDice]

Do i really need to reboot to make the entries in rc.conf work?

Simply reload them with # pfctl -f /etc/pf.conf

Have a look with # tcpdump -ni pflog0 to see if it actually picks up something.

 

[locutus]

Hmm, ok now it shows me the package. the strange thing is, now also the pflog has the entries.

Thx