Steps to enable logging for pfctl utility on newer osx like Yosemite, Sierra:
Firstly,
Add "log" to all rules in "/etc/pf.conf" or which ever PF configuration file you have.
Also set the logging interface with:
on the top of the PF config file.
Create a virtual interface with:
Now start viewing packets which match the rules you logged with this:
At the end do:
Firstly,
Add "log" to all rules in "/etc/pf.conf" or which ever PF configuration file you have.
Also set the logging interface with:
set loginterface pflog0
on the top of the PF config file.
Create a virtual interface with:
sudo ifconfig pflog0 create
Now start viewing packets which match the rules you logged with this:
sudo /usr/sbin/tcpdump -lnettti pflog0
At the end do:
sudo ifconfig pflog0 create
No comments:
Post a Comment