Subject: ip filter and logging
To: None <email@example.com>
From: Andrew Brown <firstname.lastname@example.org>
Date: 04/12/2000 15:06:24
i'm finding this sort of thing
Apr 12 14:42:45 noc ipmon: 14:42:44.772594 lo0 @0:148 p 184.108.40.206,1115 -> 220.127.116.11,666 PR tcp len 20 85 -AP
in my packet log files, and i'm confused. granted, i haven't been
using ipfilter for very long, but i thought i had a good idea of what
was what. :)
count in quick proto tcp from any to 18.104.22.168 port = 666
pass in quick proto tcp from any to 22.214.171.124 port = 666
count out quick proto tcp from 126.96.36.199 port = 666 to any
pass out quick proto tcp from 188.8.131.52 port = 666 to any
count in quick from any to 184.108.40.206
pass in log quick from any to 220.127.116.11
count out quick from 18.104.22.168 to any
pass out log quick from 22.214.171.124 to any
since it seems (to me, at least) that "quick" and "log" don't work
with "count" lines. am i wrong? if so, what am i doing wrong? i'm
not trying to block any traffic at this time, just characterize it.
note: i'm using 1.3.3/i386, so if this is a "bug, so just upgrade",
i'd still like to know.
|-----< "CODE WARRIOR" >-----|
email@example.com * "ah! i see you have the internet
firstname.lastname@example.org (Andrew Brown) that goes *ping*!"
email@example.com * "information is power -- share the wealth."