Troubleshooting Ruleset Advice

Hello all,

I have been having an issue getting IN packets from the egress interface to pass through the firewall. When we run a tcpdump it is telling us that rule 155 is the rule causing the connection to be blocked. When I run pfctl -s rules | less -N it shows the line numbers. When I look at the referenced line number the corresponding rule has nothing to do with the type of connection we are using. So I guess what I'm getting at is what rule number does PF start counting from? 0?
 
PF ruleset output live refresh.

May I add a useful command based on what you provided...

I felt the need to look at these statistics live. So I wrote this command, which basically refreshes the screen every 5 seconds.

Code:
# every 5 s: clear the screen and show rules @155 and @337 with their counters
while true ; do clear ; pfctl -sr -vv | egrep -A 2 "@155|@337" ; sleep 5 ; done

Things you can change in this command to fit your needs:

-A 2 = the number of lines to output following the matched expression

@155 = The rule number that you want to watch

| = Use this to separate patterns when you want to search for more rule numbers

sleep 5 = you can change this to whatever amount of seconds you want.

Hope this helps.
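As an added example (not code from either post): the number tcpdump prints for a pflog entry is the @N index that pfctl -vvsr puts in front of each rule, counted from @0, not a line number from less -N. This script looks a rule up by that index; the ruleset dump and the pflog line are constructed sample data, and rule_by_number and tcpdump_rule_number are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original thread.
# pfctl -vvsr prefixes every rule with "@N" (numbered from @0) and follows it
# with indented counter lines. The dump below is constructed sample data.
SAMPLE_RULES='@0 scrub in all fragment reassemble
  [ Evaluations: 10        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 100 State Creations: 0     ]
@1 block drop in log all
  [ Evaluations: 10        Packets: 3         Bytes: 180         States: 0     ]
  [ Inserted: uid 0 pid 100 State Creations: 0     ]
@2 pass out all flags S/SA keep state
  [ Evaluations: 7         Packets: 4         Bytes: 240         States: 1     ]
  [ Inserted: uid 0 pid 100 State Creations: 0     ]'

# rule_by_number NUM  < ruleset-dump
# Prints the "@NUM ..." rule line plus the counter lines that belong to it.
# Matching is on the @N index, so it is unaffected by the line numbers that
# "less -N" shows.
rule_by_number() {
    awk -v want="$1" '
        /^@[0-9]+ / { n = substr($1, 2); show = (n + 0 == want + 0) }
        show { print }
    '
}

# tcpdump_rule_number LINE
# Extracts the rule index from a pflog line in the form tcpdump prints it,
# e.g. "rule 155/0(match): block in on em0: ..." (constructed sample below).
tcpdump_rule_number() {
    printf '%s\n' "$1" | sed -n 's|.*rule \([0-9][0-9]*\)/.*|\1|p'
}

# Stand-alone usage: resolve the rule from a constructed pflog line.
if [ "${1:-}" = "demo" ]; then
    n=$(tcpdump_rule_number 'rule 1/0(match): block in on em0: 10.0.0.5.4444 > 10.0.0.1.22')
    printf '%s\n' "$SAMPLE_RULES" | rule_by_number "$n"
fi
```

Against a live system, replace the sample with `pfctl -vvsr | rule_by_number N`.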
 