[FUG-BR] tcpdump and pflog0 showing little data

Enio Marconcini eniorm em gmail.com
Fri Nov 20 13:48:56 BRST 2009


2009/11/20 Amim <octopusillusion em gmail.com>

> If you debug the rule, can you see whether any packet is actually going out
> through it?
>
> I believe you have a pass without LOG before that rule and that your
> packets are going out through it.
>
> --
> Amim
>
> 2009/11/20 Enio Marconcini <eniorm em gmail.com>
>
>> 2009/11/20 Giancarlo Rubio <gianrubio em gmail.com>
>>
>>
>> > Try adding at the end of your rules
>> > block log quick from any to any
>> >
>> > and change your initial block log all rule to just block
>> >
>> >
>> > 2
>> >
>> >
>> > --
>> > Giancarlo Rubio
>> > -------------------------
>> > Archive: http://www.fug.com.br/historico/html/freebsd/
>> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>> >
>>
>> I did it that way, nothing either
>>
>> it only shows this
>>
>> tcpdump: WARNING: pflog0: no IPv4 address assigned
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
>> 000000 rule 12/0(match): pass out on re1: [|ip]
>> 000521 rule 44/0(match): block in on re1: [|ip]
>> 2. 201811 rule 44/0(match): block in on re1: [|ip]
>> 8. 363237 rule 44/0(match): block in on re1: [|ip]
>> 000108 rule 44/0(match): block in on re1: [|ip]
>> 000028 rule 44/0(match): block in on re1: [|ip]
>> 000006 rule 44/0(match): block in on re1: [|ip]
>> 30. 996715 rule 44/0(match): block in on re1: [|ip]
>> 000009 rule 44/0(match): block in on re1: [|ip]
>> 000021 rule 44/0(match): block in on re1: [|ip]
>> 000019 rule 44/0(match): block in on re1: [|ip]
>>
>>
>>
>> --
>>  ENIO RODRIGO MARCONCINI
>> gtalk: eniorm em gmail.com
>> skype: eniorm
>> msn: /dev/null
>>
>> > FreeBSD -:- OpenBSD -:-
>> > Cigarette brand collections
>> < Obi-Wan has taught you well....
>>
>
>

the traffic exists, but tcpdump is apparently showing the data not
incorrectly, just with information missing

2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:19.567326 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:29.101700 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:41.066787 rule 31/0(match): pass in on re1: [|ip]
2009-11-20 13:46:50.565130 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:50.565222 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:50.565241 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:50.565259 rule 0/0(match): block in on re1: [|ip]
2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]
2009-11-20 13:46:51.753013 rule 30/0(match): pass in on re1: [|ip]
2009-11-20 13:46:51.753765 rule 30/0(match): pass in on re1: [|ip]
2009-11-20 13:46:56.595686 rule 30/0(match): pass in on re1: [|ip]


note that the block or pass records are there, as expected from my rules, but
the lines do not show where from and where to (IP and port)




-- 
ENIO RODRIGO MARCONCINI
gtalk: eniorm em gmail.com
skype: eniorm
msn: /dev/null

> FreeBSD -:- OpenBSD -:-
> Cigarette brand collections
< Obi-Wan has taught you well....
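Added example (editor's code, not part of the thread and not from any of its participants): a small Python parser for the pflog lines tcpdump prints on pflog0, as quoted in the two outputs above. It extracts the rule number, action, direction and interface from each line and flags entries whose packet part is `[|ip]`. That marker is tcpdump's way of saying the captured bytes ended before the IP header could be decoded, which is why no addresses or ports appear in the log; the usual remedy, a larger snapshot length such as `tcpdump -s 0 -i pflog0`, is this editor's suggestion from general tcpdump behaviour and not something the thread states. The sample lines are taken from the thread, plus one constructed, fully decoded line with RFC 5737 addresses for contrast.

```python
import re
from collections import Counter

# Shape of a pflog line as tcpdump prints it on pflog0 (see the thread).
# The timestamp prefix differs between relative timestamps ("000521",
# "2. 201811") and absolute ones ("2009-11-20 13:46:19.567293"), so it is
# matched loosely; the "rule N/M(reason): action dir on iface:" part is
# parsed strictly.
PFLOG_RE = re.compile(
    r"^(?P<ts>.*?)\s*rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<direction>in|out) on (?P<iface>[\w.]+): (?P<packet>.*)$"
)

# Lines from the thread, plus one constructed fully decoded entry
# (RFC 5737 addresses) showing what a non-truncated line looks like.
SAMPLE_LINES = [
    "000521 rule 44/0(match): block in on re1: [|ip]",
    "2. 201811 rule 44/0(match): block in on re1: [|ip]",
    "2009-11-20 13:46:19.567293 rule 0/0(match): block in on re1: [|ip]",
    "2009-11-20 13:46:28.971898 rule 31/0(match): pass in on re1: [|ip]",
    "2009-11-20 13:46:51.752977 rule 5/0(match): pass out on re1: [|ip]",
    # constructed: same kind of entry with a snapshot large enough to decode
    "2009-11-20 13:47:02.000001 rule 44/0(match): block in on re1: "
    "192.0.2.10.51234 > 198.51.100.5.22: S 1:1(0) win 65535",
    "tcpdump: WARNING: pflog0: no IPv4 address assigned",
]


def parse_pflog_line(line):
    """Return the fields of one tcpdump/pflog line, or None for non-entries."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["rule"] = int(entry["rule"])
    entry["subrule"] = int(entry["subrule"])
    # "[|ip]" is tcpdump's marker for an IP header cut short by the snapshot
    # length: no addresses or ports can be decoded from such an entry.
    entry["truncated"] = entry["packet"].strip() == "[|ip]"
    return entry


def summarize(lines):
    """Count entries per (rule, action, direction) and how many are truncated."""
    per_rule = Counter()
    truncated = 0
    total = 0
    for line in lines:
        entry = parse_pflog_line(line)
        if entry is None:
            continue
        total += 1
        per_rule[(entry["rule"], entry["action"], entry["direction"])] += 1
        if entry["truncated"]:
            truncated += 1
    return {"total": total, "truncated": truncated, "per_rule": dict(per_rule)}


def capture_hint(summary):
    """Say whether the log is usable and, if not, what to change in the capture."""
    if summary["total"] == 0:
        return "no pflog entries found"
    if summary["truncated"] == summary["total"]:
        return ("every entry is [|ip]: the snapshot length stops before the IP "
                "header; rerun tcpdump with -s 0 (or a larger -s) on pflog0")
    if summary["truncated"]:
        return "some entries are truncated; consider a larger snapshot length"
    return "entries carry addresses and ports"


if __name__ == "__main__":
    s = summarize(SAMPLE_LINES)
    for key, n in sorted(s["per_rule"].items()):
        print("rule %d %s %s: %d" % (key + (n,)))
    print(capture_hint(s))
```

Feed it the output of `tcpdump -n -e -ttt -i pflog0` (or a saved copy of it) line by line; a log in which every entry is flagged as truncated cannot tell you which hosts and ports a rule is blocking, whichever rule numbers it reports.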

