Normally, to see what PF is logging on OpenBSD you run the following:
$ sudo tcpdump -nettti pflog0
This shows every packet that matched a rule carrying the log keyword. If you only want the traffic matched by one particular rule, add a rule-number filter. tcpdump can read the pflog link-level header (that is what -e prints), and that header carries the number of the rule that logged the packet, so you can filter on it.
First find the number of the PF rule you want to filter on:
$ sudo pfctl -vvsr
(that is two v's, not a w; the extra verbosity makes pfctl prefix each rule with @N, where N is its rule number)
Then take the number from the @X prefix of the rule you want and add it to your tcpdump command:
$ sudo tcpdump -nettti pflog0 rnr X
X = the PF rule number
Two things to keep in mind: rule numbers are positions in the loaded ruleset, so they shift whenever you add or remove rules and reload with pfctl -f, and you should re-run pfctl -vvsr after every reload. Rules inside anchors are logged with an anchor-relative number, which tcpdump filters with srnr (and the anchor name with rset) rather than rnr.
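As an added example (not part of the original post), the shell script below automates the lookup: it parses pfctl -vvsr output for rules matching a pattern such as a label or a port, collects their @N numbers, and builds the rnr filter for the tcpdump command. The rule listing embedded in it is a constructed sample standing in for live pfctl output, so the rule numbers and rule text are assumptions; on a real system you would pipe sudo pfctl -vvsr into pf_rule_numbers or pflog_filter instead.

```shell
#!/bin/sh
# Added example: derive "rnr N" tcpdump filters from `pfctl -vvsr` output.
# Not from the original post; the sample ruleset below is constructed.

# Constructed stand-in for `sudo pfctl -vvsr` output. Only the "@N ..." lines are
# rules; the indented bracketed lines are the per-rule counters pfctl prints at -vv.
SAMPLE_RULES='@0 block return log all
  [ Evaluations: 120       Packets: 12        Bytes: 720         States: 0     ]
  [ Inserted: uid 0 pid 4242 State Creations: 0     ]
@1 pass in log quick on egress proto tcp from any to any port = 22 flags S/SA label "ssh"
  [ Evaluations: 80        Packets: 4         Bytes: 240         States: 2     ]
  [ Inserted: uid 0 pid 4242 State Creations: 2     ]
@2 pass in log on egress proto tcp from any to any port = 443 flags S/SA label "https"
  [ Evaluations: 75        Packets: 30        Bytes: 1800        States: 10    ]
  [ Inserted: uid 0 pid 4242 State Creations: 10    ]
@3 block drop in log quick on egress from <badhosts> to any label "badhosts"
  [ Evaluations: 75        Packets: 2         Bytes: 120         States: 0     ]
  [ Inserted: uid 0 pid 4242 State Creations: 0     ]'

# pf_rule_numbers PATTERN
# Reads `pfctl -vvsr` output on stdin and prints, one per line, the number N of
# every "@N ..." rule whose text (after the @N prefix) matches the regex PATTERN.
# Counter lines never start with "@", so they are skipped.
pf_rule_numbers() {
    awk -v pat="$1" '
        /^@[0-9]+ / {
            rule = $0
            sub(/^@[0-9]+ /, "", rule)
            if (rule ~ pat) {
                n = $1
                sub(/^@/, "", n)
                print n
            }
        }'
}

# pflog_filter PATTERN
# Reads `pfctl -vvsr` output on stdin and prints the tcpdump filter expression:
# "rnr N" for a single match, "rnr N or rnr M" when several rules match.
# Prints nothing and returns 1 when no rule matches, so a typo in the pattern
# fails loudly instead of silently producing an unfiltered capture.
pflog_filter() {
    filter=""
    for n in $(pf_rule_numbers "$1"); do
        if [ -z "$filter" ]; then
            filter="rnr $n"
        else
            filter="$filter or rnr $n"
        fi
    done
    [ -n "$filter" ] || return 1
    printf '%s\n' "$filter"
}

# tcpdump_cmd PATTERN
# Prints the full tcpdump command line for the rule(s) matching PATTERN in the
# sample ruleset. Returns 1 (prints nothing) if no rule matches.
tcpdump_cmd() {
    f=$(printf '%s' "$SAMPLE_RULES" | pflog_filter "$1") || return 1
    printf 'sudo tcpdump -nettti pflog0 %s\n' "$f"
}

# Usage: print the command for the rule labelled "ssh" and for every block rule.
tcpdump_cmd 'label "ssh"'
tcpdump_cmd '^block'
```

On a live system, replace the sample with the real listing: `sudo pfctl -vvsr | pflog_filter 'label "ssh"'` yields the filter expression to paste after pflog0. Because the numbers are positions in the loaded ruleset, run it again after any pfctl -f.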