Subject: ip filter and logging
To: None <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 04/12/2000 15:06:24
i'm finding this sort of thing
Apr 12 14:42:45 noc ipmon: 14:42:44.772594 lo0 @0:148 p 220.127.116.11,1115 -> 18.104.22.168,666 PR tcp len 20 85 -AP
in my packet log files, and i'm confused. granted, i haven't been
using ipfilter for very long, but i thought i had a good idea of what
was what. :)
count in quick proto tcp from any to 22.214.171.124 port = 666
pass in quick proto tcp from any to 126.96.36.199 port = 666
count out quick proto tcp from 188.8.131.52 port = 666 to any
pass out quick proto tcp from 184.108.40.206 port = 666 to any
count in quick from any to 220.127.116.11
pass in log quick from any to 18.104.22.168
count out quick from 22.214.171.124 to any
pass out log quick from 126.96.36.199 to any
since it seems (to me, at least) that "quick" and "log" don't work
with "count" lines. am i wrong? if so, what am i doing wrong? i'm
not trying to block any traffic at this time, just characterize it.
note: i'm using 1.3.3/i386, so if this is a "bug, so just upgrade",
i'd still like to know.
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."