On Thu, 17 Feb 2011, Egbert Jan van den Bussche
<egbert at vandenbussche dot nl> wrote:
> What does the "@xxx:yyy" field mean in the lines sent to syslog? Can I
> relate it in some way to the rules in the .xml file? I see xxx: 0,
> 200 and 10100.
After a bit of digging I have your answer.
m0n0wall uses ipmon
(http://www.freebsd.org/cgi/man.cgi?query=ipmon&sektion=8) for
firewall logging. From the man page for ipmon:
"4. The group and rule number of the rule, e.g., @0:17. These can be
viewed with ipfstat -n."
Although I believe the command is actually ipfstat -in:
(run on my m0n0/exec.php)
$ ipfstat -in
@1 pass in quick on lo0 all
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopts
# Group 100
@1 pass in quick from 192.168.0.0/24 to 192.168.0.1/32 keep state group 100
@2 pass in quick from 192.168.0.0/24 to any keep state group 100
# Group 200
@1 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 5059 >< 5062 keep state group 200
@2 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 16383 >< 16483 keep state group 200
@3 pass in quick proto tcp/udp from any to 192.168.0.33/32 port 2299 >< 2312 keep state group 200
For IPv4, m0n0wall uses the group 100 for the lan interface, 200 for
the wan interface, 300, 400, 500 etc for optional interfaces. For
IPv6, it uses the same numbers, but adds 10000, so the lan interface
is 10100, the wan 10200, etc.
Hope this helps.
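
Added example (not part of the original message and not m0n0wall code): a small Python script that resolves the @group:rule field of an ipmon log line against `ipfstat -in` output and names the interface using the group numbering described above. The sample listing and log line are constructed, the function names are this example's own, and treating rules listed before the first "# Group" header as group 0 is an assumption.

```python
import re

# Constructed `ipfstat -in` output in the format shown in the message, with one
# rule wrapped across two lines, as mail clients tend to do.
IPFSTAT_IN = """\
@1 pass in quick on lo0 all
@2 block in log quick from any to any with short
# Group 100
@1 pass in quick from 192.168.0.0/24 to 192.168.0.1/32 keep state group 100
# Group 200
@1 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 5059
>< 5062 keep state group 200
"""
# Constructed ipmon syslog line; only the @group:rule field matters here.
LOG_LINE = "ipmon[85]: 10:00:00.123456 fxp1 @0:2 b 203.0.113.5,4321 -> 192.168.0.1,80 PR tcp len 20 40 -S IN"

def parse_ipfstat(text):
    """Return {(group, rule_number): rule_text} from `ipfstat -in` output."""
    rules, group, last = {}, 0, None  # assumption: rules before any header are group 0
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"# Group (\d+)", line):
            group, last = int(m.group(1)), None
        elif m := re.match(r"@(\d+)\s+(.*)", line):
            last = (group, int(m.group(1)))
            rules[last] = m.group(2)
        elif line and last:  # continuation of a wrapped rule
            rules[last] += " " + line
    return rules

def describe_group(group):
    """Name the interface for a group number, using the numbering in the message."""
    if group == 0:
        return "no interface group"
    family, base = ("IPv6", group - 10000) if group >= 10000 else ("IPv4", group)
    if base in (100, 200):
        return f"{family} {'LAN' if base == 100 else 'WAN'}"
    if base >= 300 and base % 100 == 0:
        return f"{family} optional interface {base // 100 - 2}"  # index is this example's own
    return f"{family} unknown group {group}"

def resolve(log_line, rules):
    """Return (interface description, rule text or None) for a log line's @group:rule."""
    m = re.search(r"@(\d+):(\d+)", log_line)
    if not m:
        return None
    group, number = int(m.group(1)), int(m.group(2))
    return describe_group(group), rules.get((group, number))

if __name__ == "__main__":
    print(resolve(LOG_LINE, parse_ipfstat(IPFSTAT_IN)))
```

A rule text of None means the log line refers to a rule that is not in the listing supplied, for example because the ruleset was reloaded after the entry was logged.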