
Friday, July 7, 2017

Logging PF Firewall on Mac OS X

Steps to enable logging for the pfctl utility on newer OS X releases such as Yosemite and Sierra:

First, add "log" to all rules in "/etc/pf.conf" or whichever PF configuration file you use.

Also set the logging interface with:

set loginterface pflog0

at the top of the PF config file.

Create a virtual interface with:

sudo ifconfig pflog0 create

Now view the packets that match the rules you marked with "log":

sudo /usr/sbin/tcpdump -lnettti pflog0

When you are finished, remove the virtual interface:

sudo ifconfig pflog0 destroy
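
The first step, adding "log" to every rule, is the tedious one on a long ruleset. The script below is an added example, not part of the original post: it inserts the keyword into every pass/block rule that lacks it, in the position PF expects. The function names pf_add_log and sample_pf_conf are hypothetical, the ruleset is constructed, and it assumes one rule per line.

```shell
#!/bin/sh
# Added example: insert "log" into pass/block rules of a PF ruleset.
# Assumes one rule per line (no backslash continuations or brace lists
# split across lines). pf_add_log and sample_pf_conf are hypothetical names.

pf_add_log() {
    awk '
    # Only filter rules begin with pass/block; comments, "set" options,
    # anchors and tables pass through untouched.
    $1 != "pass" && $1 != "block" { print; next }
    {
        # Leave the rule alone if it already logs; stop at a trailing
        # comment so the word "log" inside it is not mistaken for the keyword.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i == "log" || $i ~ /^log\(/) { print; next }
        }
        # PF expects: action [in|out] [log] [quick] ...
        pos = 1
        if ($1 == "block" && $2 ~ /^(drop|return)/) pos = 2
        if ($(pos + 1) == "in" || $(pos + 1) == "out") pos++
        $pos = $pos " log"   # rebuilding $0 collapses runs of whitespace
        print
    }'
}

# Constructed sample ruleset, not taken from a real host.
sample_pf_conf() {
    cat <<'EOF'
set loginterface pflog0
# default deny
block drop all
block return in log quick on en0 proto tcp to port 23
pass in quick on en0 proto tcp to port 22
pass out all # log added later
EOF
}

# Print the rewritten sample; on a Mac, redirect the output to a new file
# and syntax-check it with "pfctl -nf <file>" before loading it.
sample_pf_conf | pf_add_log
```

Rules that already carry "log" are left unchanged, so the script can be run repeatedly on the same file.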