
Re: Logging Question



You'd be better served attaching your entire pf.conf.
Phusion spewed:
> I have a question about logging certain packets. On my internal
> network I allow the following traffic outbound: tcp
> 21,22,25,53,80,110,443,5999 and udp 53,67,123. I was wondering how I
> can log all the blocked outbound traffic like to tcp and udp port
> 1214, 4662, and the rest. I'm having a problem because when I tried
> AOL Instant Messenger, it should have been blocked, logged and not
> been able to connect because it makes an outbound connection to tcp
> port 5190 which isn't allowed, but it still works. This is what I have
> right now in my config files.
> 
> /etc/inetd.conf
> 127.0.0.1:8021  stream  tcp     nowait  root    /usr/libexec/ftp-proxy
>  ftp-proxy -n -u proxy -m 55000 -M 57000 -t 180
> 
> /etc/pf.conf
> tcp_ports       = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"
> 
> block in all
> block out log all
> 
> # for FTP
> pass in on $ext_if inet proto tcp from any to $ext_if \
>         port 55000 >< 57000 user proxy $tcpsrv_options $proto_options
> 
> # for FTP
> pass out on $ext_if inet proto tcp from $ext_if to any \
>         port > 1023 $tcpsrv_options $proto_options
> 
> pass out on $ext_if inet proto tcp from $ext_if to any \
>         port $tcp_ports $tcpsrv_options $proto_options
> 
> Let me know how I can log the outbound traffic that is blocked. Thanks.
-- 
=== Asenchi ===============================================
-----------------------------------------------------------
- [WWW]: www.asenchi.com [EMAIL]: [email protected]     -
- [PGP]: 1024D/65724DA8 [ICQ]: 56039913 [AIM]: asenchi    -
- [IRC]: Asenchi | irc.freenode.net | #asenchi, #rweather -
-----------------------------------------------------------
============================= Follow the uncharted path ===
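As an added illustration (not part of either message above), here is a tightened version of the quoted outbound rules. The `ext_if` value and the `udp_ports` macro are placeholders; `tcpsrv_options` and `proto_options` are dropped because the post never defines them.

```pf
# Added example, not from the original post.  Macro values are placeholders.
ext_if    = "fxp0"                                   # placeholder interface
tcp_ports = "{ 21, 22, 25, 53, 80, 110, 443, 5999 }"
udp_ports = "{ 53, 67, 123 }"

block in all
block out log all          # every outbound packet not passed below is logged

# ftp-proxy from inetd, running as user "proxy" with -m 55000 -M 57000
pass in  on $ext_if inet proto tcp from any to $ext_if \
        port 55000 >< 57000 user proxy

# Data connections the proxy opens itself.  pf uses the LAST matching rule
# unless "quick" is given, so a bare "port > 1023" pass rule matches any
# local process talking to a high port (AIM on tcp/5190 included) and wins
# over the block rule.  Restricting it to the proxy's uid closes that gap.
pass out on $ext_if inet proto tcp from $ext_if to any \
        port > 1023 user proxy

# Ordinary outbound traffic from the firewall host itself
pass out on $ext_if inet proto tcp from $ext_if to any port $tcp_ports
pass out on $ext_if inet proto udp from $ext_if to any port $udp_ports

# Note: like the quoted rules, these only cover connections that originate
# on the firewall ("from $ext_if"); forwarded traffic from the internal
# network needs its own pass rules keyed on the internal addresses.
```

Validate with `pfctl -nvf /etc/pf.conf` before loading, then watch the logged blocks with `tcpdump -n -e -ttt -i pflog0`.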