[FUG-BR] tcpdump and pflog0 with little data

Giancarlo Rubio gianrubio at gmail.com
Fri Nov 20 13:50:57 BRST 2009


post your whole pf.conf

2009/11/20 Enio Marconcini <eniorm at gmail.com>

> 2009/11/20 Amim <octopusillusion at gmail.com>
>
> > If you debug the rule, can you see whether any packet is really leaving
> > through it?
> >
> > I believe you have a pass without LOG before that rule and your
> > packets are going out through there.
> >
> > --
> > Amim
> >
> > 2009/11/20 Enio Marconcini <eniorm at gmail.com>
> >
> >> 2009/11/20 Giancarlo Rubio <gianrubio at gmail.com>
> >>
> >>
> >> > Try adding at the end of your rules
> >> > block log quick from any to any
> >> >
> >> > and change your initial rule from block log all to just block
> >> >
> >> >
> >> > --
> >> > Giancarlo Rubio
> >> > -------------------------
> >> > Archive: http://www.fug.com.br/historico/html/freebsd/
> >> > Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd
> >> >
> >>
> >> I did it that way, nothing either
> >>
> >> it only shows this
> >>
> >> tcpdump: WARNING: pflog0: no IPv4 address assigned
> >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
> >> 000000 rule 12/0(match): pass out on re1: [|ip]
> >> 000521 rule 44/0(match): block in on re1: [|ip]
> >> 2. 201811 rule 44/0(match): block in on re1: [|ip]
> >> 8. 363237 rule 44/0(match): block in on re1: [|ip]
> >> 000108 rule 44/0(match): block in on re1: [|ip]
> >> 000028 rule 44/0(match): block in on re1: [|ip]
> >> 000006 rule 44/0(match): block in on re1: [|ip]
> >> 30. 996715 rule 44/0(match): block in on re1: [|ip]
> >> 000009 rule 44/0(match): block in on re1: [|ip]
> >> 000021 rule 44/0(match): block in on re1: [|ip]
> >> 000019 rule 44/0(match): block in on re1: [|ip]
> >>
> >>
> >>
> >> --
> >>  ENIO RODRIGO MARCONCINI
> >> gtalk: eniorm at gmail.com
> >> skype: eniorm
> >> msn: /dev/null
> >>
> >> > FreeBSD -:- OpenBSD -:-
> >> > Cigarette Brand Collections
> >> < Obi-Wan has taught you well....
> >>
> >
> >
>
> the flow exists, but tcpdump is apparently showing the data not
> incorrectly, but with information missing
>
> 2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:19.567326 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:29.101700 rule 31/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:41.066787 rule 31/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:50.565130 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:50.565222 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:50.565241 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:50.565259 rule 0/0(match): block in on re1: [|ip]
> 2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]
> 2009-11-20 13:46:51.753013 rule 30/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:51.753765 rule 30/0(match): pass in on re1: [|ip]
> 2009-11-20 13:46:56.595686 rule 30/0(match): pass in on re1: [|ip]
>
>
> note that the block or pass records are there, as normal for my rules,
> but the lines do not show where from and where to (IP and port)
>



-- 
Giancarlo Rubio
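The `[|ip]` ending every record in the quoted output is tcpdump's truncation marker: the 68-byte capture size shown on the "listening on" line is mostly consumed by the pflog link-layer header, so the IPv4 header that carries the addresses and ports is cut off, and a larger snaplen (`-s 0`) is needed to see them. As an added example, not code from this thread, the following parses such tcpdump pflog0 output, counts records per rule, action and direction, and reports the truncation; its sample lines are constructed from the forms shown above plus one constructed complete record.

```python
import re
from collections import Counter
# One pflog record as tcpdump prints it; the timestamp prefix is whatever -t variant was used.
RECORD_RE = re.compile(
    r"^(?P<ts>.*?)\s*rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+): (?P<rest>.*)$")
SNAPLEN_RE = re.compile(r"capture size (?P<snaplen>\d+) bytes")
TRUNCATED = "[|ip]"  # tcpdump's marker: the snaplen cut the packet inside the IP header
# Constructed sample: six lines mirroring the thread's output plus one constructed full record.
SAMPLE = """\
tcpdump: WARNING: pflog0: no IPv4 address assigned
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
000000 rule 12/0(match): pass out on re1: [|ip]
000521 rule 44/0(match): block in on re1: [|ip]
2. 201811 rule 44/0(match): block in on re1: [|ip]
2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
000009 rule 5/0(match): pass out on re1: IP 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 65535, length 0
""".splitlines()

def parse_record(line):
    """Fields of one pflog record, or None for tcpdump's own status lines."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["truncated"] = rec["rest"].strip() == TRUNCATED  # nothing past the pflog header decoded
    return rec

def summarize(lines):
    """Count records per (rule, action, direction) and how many lack IP data."""
    out = {"snaplen": None, "total": 0, "truncated": 0, "per_rule": Counter()}
    for line in lines:
        if m := SNAPLEN_RE.search(line):
            out["snaplen"] = int(m.group("snaplen"))
        rec = parse_record(line)
        if rec is None:
            continue
        out["total"] += 1
        out["truncated"] += rec["truncated"]
        out["per_rule"][(rec["rule"], rec["action"], rec["dir"])] += 1
    return out

def diagnose(summary):
    """Explain why addresses/ports are missing, or None when every record is whole."""
    if summary["truncated"] == 0:
        return None
    return (f"{summary['truncated']}/{summary['total']} records end in {TRUNCATED}: snaplen {summary['snaplen']} "
            "leaves no room past the pflog link-layer header for the IPv4 header. Re-run: tcpdump -n -e -ttt -s 0 -i pflog0")
```

Calling `diagnose(summarize(SAMPLE))` returns the explanation string; feed it the lines of a real `tcpdump -n -e -ttt -i pflog0` run in place of SAMPLE.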

