Mapping pf syslog rule numbers to lines in pf.conf

Mapping pf syslog rule numbers to lines in pf.conf

Alan McKay
Hey folks,

This one seems to be difficult to google - not coming up with much.

I have some firewall blocks I want to investigate and of course they
are reported as matching a specific rule number - but I am not sure
how to map that back to a line in my pf.conf

Could someone enlighten me?

thanks,
-Alan

--
"Don't eat anything you've ever seen advertised on TV"
         - Michael Pollan, author of "In Defense of Food"


Re: Mapping pf syslog rule numbers to lines in pf.conf

James Shupe-4
On 1/26/2015 2:42 PM, Alan McKay wrote:

> Hey folks,
>
> This one seems to be difficult to google - not coming up with much.
>
> I have some firewall blocks I want to investigate and of course they
> are reported as matching a specific rule number - but I am not sure
> how to map that back to a line in my pf.conf
>
> Could someone enlighten me?
>
> thanks,
> -Alan
>

pfctl -sr -R <rulenum>

Further details can be found in the man page.

--
James Shupe


Re: Mapping pf syslog rule numbers to lines in pf.conf

Fred
In reply to this post by Alan McKay
On 01/26/15 20:42, Alan McKay wrote:

> Hey folks,
>
> This one seems to be difficult to google - not coming up with much.
>
> I have some firewall blocks I want to investigate and of course they
> are reported as matching a specific rule number - but I am not sure
> how to map that back to a line in my pf.conf
>
> Could someone enlighten me?
>
> thanks,
> -Alan
>

Also look at:

-g      Include output helpful for debugging.

as in: pfctl -g -sr

@1 are the rule numbers.

hth

Fred


Re: Mapping pf syslog rule numbers to lines in pf.conf

Alan McKay
In reply to this post by James Shupe-4
On Mon, Jan 26, 2015 at 3:47 PM, James Shupe <[hidden email]> wrote:
> pfctl -sr -R <rulenum>
>
> Further details can be found in the man page.

Oh man that was way too easy!

Anyone in Ottawa is welcome to come by and give me 10 lashes ... (
hangs head in shame )

Thanks.  I was trying to search through the man page but the word
"rule" occurs quite a few times ;-)


--
"Don't eat anything you've ever seen advertised on TV"
         - Michael Pollan, author of "In Defense of Food"


Re: Mapping pf syslog rule numbers to lines in pf.conf

Hasse Hansson-2
In reply to this post by Alan McKay
On Mon, Jan 26, 2015 at 03:42:22PM -0500, Alan McKay wrote:

> Hey folks,
>
> This one seems to be difficult to google - not coming up with much.
>
> I have some firewall blocks I want to investigate and of course they
> are reported as matching a specific rule number - but I am not sure
> how to map that back to a line in my pf.conf
>
> Could someone enlighten me?
>
> thanks,
> -Alan
>
> --
> "Don't eat anything you've ever seen advertised on TV"
>          - Michael Pollan, author of "In Defense of Food"
>
Don't know if this is what you're after, but it will list the rules by number.
pfctl -g -s rules | grep '@'

/Hasse


Re: Mapping pf syslog rule numbers to lines in pf.conf

Henning Brauer-4
In reply to this post by James Shupe-4
* James Shupe <[hidden email]> [2015-01-26 21:47]:
> On 1/26/2015 2:42 PM, Alan McKay wrote:
> > I have some firewall blocks I want to investigate and of course they
> > are reported as matching a specific rule number - but I am not sure
> > how to map that back to a line in my pf.conf
> pfctl -sr -R <rulenum>

pfctl -vvsr

is the usual way, shows all rules prefixed w/ the rule #, as well as
some per-rule counters.

> Further details can be found in the man page.

indeed :)

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
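
Added example, not written by anyone in this thread: a small sh/awk helper that joins the "rule N/(match)" numbers found in pf log lines with the "@N" rule text printed by pfctl -vvsr, and counts hits per rule. The function names, file arguments and both sample inputs are constructed for illustration; it assumes main-ruleset numbers (no anchors) in the OpenBSD tcpdump -e log format, and that the ruleset has not been reloaded since the packets were logged, because the numbers index the loaded, expanded rules rather than lines of pf.conf.

```shell
#!/bin/sh
# Constructed sample of `pfctl -vvsr` output (not from the thread).
sample_rules() {
cat <<'EOF'
@0 block drop log all
  [ Evaluations: 9120      Packets: 41        Bytes: 2460        States: 0     ]
@1 pass out quick on em0 all flags S/SA
  [ Evaluations: 9120      Packets: 880       Bytes: 91234       States: 12    ]
@2 block drop in log quick on em0 proto tcp from any to any port = 23
  [ Evaluations: 310       Packets: 7         Bytes: 420         States: 0     ]
EOF
}

# Constructed sample of `tcpdump -n -e -ttt -r /var/log/pflog` output.
sample_log() {
cat <<'EOF'
Jan 26 15:40:01.101 rule 2/(match) block in on em0: 203.0.113.5.51234 > 192.0.2.10.23: S
Jan 26 15:40:02.202 rule 0/(match) block in on em0: 203.0.113.9.40000 > 192.0.2.10.8080: S
Jan 26 15:40:03.303 rule 2/(match) block in on em0: 203.0.113.5.51240 > 192.0.2.10.23: S
Jan 26 15:40:04.404 rule 7/(match) block in on em0: 198.51.100.4.1234 > 192.0.2.10.25: S
EOF
}

# map_rules RULES_FILE LOG_FILE
# Prints "<hits> @<num> <rule text>", most-hit rule first.
# Real use: pfctl -vvsr > rules.txt; tcpdump -n -e -ttt -r /var/log/pflog > log.txt
map_rules() {
  awk '
    NR == FNR {                        # first file: pfctl -vvsr output
      if ($0 ~ /^@[0-9]+ /) {          # rule lines start in column 0 with @N
        n = substr($1, 2)              # counter lines are indented, so skipped
        rule[n] = substr($0, length($1) + 2)
      }
      next
    }
    match($0, /rule [0-9]+\/\(match\)/) {    # second file: log lines
      n = substr($0, RSTART + 5, RLENGTH - 13)
      hits[n]++
    }
    END {
      for (n in hits)
        printf "%d @%s %s\n", hits[n], n, \
          (n in rule) ? rule[n] : "(not in loaded ruleset; reloaded since?)"
    }
  ' "$1" "$2" | sort -k1,1nr -k2,2
}
```

A number that appears in the log but not in the current pfctl -vvsr output (rule 7 in the sample) is reported rather than silently dropped, since that usually means the ruleset changed after the packet was logged.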