
Logging Question

I have a question about logging certain packets. On my internal
network I allow the following traffic outbound: tcp
21,22,25,53,80,110,443,5999 and udp 53,67,123. I was wondering how I
can log all the blocked outbound traffic, such as to tcp and udp ports
1214, 4662, and the rest. I'm having a problem: when I tried
AOL Instant Messenger, it should have been blocked, logged, and
unable to connect, because it makes an outbound connection to tcp
port 5190, which isn't allowed, but it still works. This is what I have
right now in my config files.
/etc/inetd.conf:
 stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy -n -u proxy -m 55000 -M 57000 -t 180
tcp_ports       = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"
block in all
block out log all
# for FTP
pass in on $ext_if inet proto tcp from any to $ext_if \
        port 55000 >< 57000 user proxy $tcpsrv_options $proto_options
# for FTP
pass out on $ext_if inet proto tcp from $ext_if to any \
        port > 1023 $tcpsrv_options $proto_options
pass out on $ext_if inet proto tcp from $ext_if to any \
        port $tcp_ports $tcpsrv_options $proto_options
Let me know how I can log the outbound traffic that is blocked. Thanks.
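Added example, not part of the original post: the same pf.conf rules with the `port > 1023` pass rule narrowed to the ftp-proxy user, so outbound connections from other hosts and users fall through to `block out log all`. pf keeps the last matching rule (no `quick` here), and `port > 1023` matches tcp 5190, which is why the AIM connection passed unlogged; the `$ext_if`, `$tcpsrv_options` and `$proto_options` macros are assumed to be defined elsewhere in the full config, as in the post.

```pf
# Added example, not the original post's config. Macros $ext_if,
# $tcpsrv_options and $proto_options are assumed to be defined
# elsewhere, as in the author's full pf.conf.
tcp_ports       = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"

# Default deny; blocked outbound packets are logged to pflog0.
# Without "quick", the last matching rule wins, so every later
# "pass" rule overrides these for whatever traffic it matches.
block in all
block out log all

# for FTP: inbound data connections to the proxy's port range
pass in on $ext_if inet proto tcp from any to $ext_if \
        port 55000 >< 57000 user proxy $tcpsrv_options $proto_options

# Before: this matched ANY outbound tcp to a port above 1023
# (5190 included), so AIM was neither blocked nor logged:
#   pass out on $ext_if inet proto tcp from $ext_if to any \
#           port > 1023 $tcpsrv_options $proto_options
# After: only sockets owned by the proxy user (ftp-proxy runs with
# "-u proxy" per inetd.conf) may open outbound high-port connections.
# Forwarded/NATed packets have no local socket, so "user proxy"
# never matches them.
pass out on $ext_if inet proto tcp from $ext_if to any \
        port > 1023 user proxy $tcpsrv_options $proto_options

# General outbound policy for everything else.
pass out on $ext_if inet proto tcp from $ext_if to any \
        port $tcp_ports $tcpsrv_options $proto_options

# Any other outbound connection (e.g. tcp 5190, 1214, 4662) now ends
# at "block out log all". Watch the logged drops with:
#   tcpdump -n -e -ttt -i pflog0
```

Reload with `pfctl -f /etc/pf.conf` and retest the AIM connection; the dropped SYN should then show up on pflog0.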