[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PF/logging rule number
On Sat, Nov 02, 2002 at 01:53:09AM -0500, Jason Dixon wrote:
> Does anyone else think that the ability to log the last matching rule
> number (as indexed in 'pfctl -s rules') would be a glorious feature?
> This is found in iptables and is a really nice debugging tool.
It's already there. Use the "-e" option to tcpdump to get
link-level headers when reading from the pflog0 interface. E.g.:
tcpdump -e -n -ttt -l -i pflog0
Daniel (DJ) Gregor
OSU Network Security Group