[ previous ] [ next ] [ threads ]
 
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Kim Hartlev <kam at stofanet dot dk>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Remote syslogging to DMZ
 Date:  Thu, 8 Jan 2004 13:20:36 -0700
At 03:17 AM 1/8/2004, Kim Hartlev wrote:

>I see the following in the firewall log:
>   11:00:40.258164 sis2 @0:8 B 192.168.250.1,514 -> 192.168.252.2,514 PR udp
>len 20 149 OUT

That says rule 8 in set 0 blocked the traffic.  Which rule is 8?

> From the status page I found the following auto generated pass rule under
>the ipfstat -nio section:
>   @2 pass out quick proto udp from 192.168.252.1/32 to 192.168.252.0/24 port
>= 514 keep state group 450

That's rule 2.  It's not the one that blocked the traffic.


          -crl
--
Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228

-- CONFIDENTIALITY NOTICE --

This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.