| Firewalling with OpenBSD's PF packet filter: EuroBSDCon 2007, København, September 12th 2007 | ||
|---|---|---|
| Prev | Next | |
Keyword "log" in the rules to be logged
/etc/pf.conf
set loginterface $ext_if pass out log from <client> to any port $email label client-email keep state
Logs in binary, tcpdump(8) readable format
label creates counters for statistics
NOTE: log logs only initial packet, use log (all) to log all matching packets
OpenBSD 4.1 onwards: cloneable pflog, rules can log to specific interface:
pass log (all, to pflog2) inet proto tcp from $mailserver to any port smtp