 From:  "Kim Hartlev" <kam at stofanet dot dk>
 To:  "'Chad R. Larson'" <clarson at eldocomp dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  SV: [m0n0wall] Remote syslogging to DMZ
 Date:  Thu, 8 Jan 2004 23:09:45 +0100
>>I see the following in the firewall log:
>>   11:00:40.258164 sis2 @0:8 B 192.168.250.1,514 -> 192.168.252.2,514 
>>PR udp len 20 149 OUT

>That says rule 8 in set 0 blocked the traffic.  Which rule is 8?

Rule 8 is the default block rule, and my point was that it gets to that rule
because none of the pass rules match. My point was that rule 2, which I
think was supposed to handle the syslog traffic, doesn't work since the
source IPs don't match.

>> From the status page I found the following auto generated pass rule 
>>under the ipfstat -nio section:
>>   @2 pass out quick proto udp from 192.168.252.1/32 to 
>>192.168.252.0/24 port = 514 keep state group 450

>That's rule 2.  It's not the one that blocked the traffic.


/Kim
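
The comparison made in this message, as an added example that is not part of the original thread: it tests the logged packet against each condition of the quoted rule 2. The regular expressions are simplified assumptions that cover only the fields in these two lines, and the function names are illustrative.

```python
import ipaddress
import re

# Both lines are copied from the message above, with the mail wrapping undone.
LOG = ("11:00:40.258164 sis2 @0:8 B 192.168.250.1,514 -> 192.168.252.2,514 "
       "PR udp len 20 149 OUT")
RULE = ("@2 pass out quick proto udp from 192.168.252.1/32 to "
        "192.168.252.0/24 port = 514 keep state group 450")

# Simplified patterns (an assumption of this example): they cover only the
# fields present in these two lines, not the full ipmon or ipf grammar.
LOG_RE = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\w) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len \d+ \d+ (?P<dir>IN|OUT)")
RULE_RE = re.compile(
    r"@(?P<num>\d+) pass (?P<dir>in|out) quick proto (?P<proto>\w+) "
    r"from (?P<src>\S+) to (?P<dst>\S+) port = (?P<dport>\d+)")


def parse(pattern, line):
    """Return the named fields of a log or rule line, or raise ValueError."""
    m = pattern.search(line)
    if m is None:
        raise ValueError(f"unrecognised line: {line!r}")
    return m.groupdict()


def in_net(ip, net):
    """True if the address falls inside the rule's address/mask."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def compare(log_line, rule_line):
    """Return {condition: bool} for each rule condition tested on the packet."""
    pkt, rule = parse(LOG_RE, log_line), parse(RULE_RE, rule_line)
    return {
        "direction": pkt["dir"].lower() == rule["dir"],
        "proto": pkt["proto"] == rule["proto"],
        "source": in_net(pkt["src"], rule["src"]),
        "destination": in_net(pkt["dst"], rule["dst"]),
        "dst port": pkt["dport"] == rule["dport"],
    }


if __name__ == "__main__":
    pkt = parse(LOG_RE, LOG)
    print(f"logged at @{pkt['group']}:{pkt['rule']}, action {pkt['action']}")
    for field, ok in compare(LOG, RULE).items():
        print(f"{field:12} {'match' if ok else 'NO MATCH'}")
```
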