# security run output



## Anonymous (Jan 10, 2009)

Hi!

My system: FreeBSD 7.1, desktop computer.
Same as before I get on fresh installed 7.1 the same message in dailly log:

.....
pf denied packets:
+++ /tmp/security.P6ZmxV8X      2009-01-09 03:02:16.000000000 -0600
+block drop in log all [ Evaluations: 743 Packets: 9 Bytes: 1155 States: 0 ]
+block drop in quick on ! sk0 inet from 192.168.0.0/24 to any [ Evaluations: 743 Packets: 0 Bytes: 0 States: 0 ]
+block drop in quick inet from 192.168.0.100 to any [ Evaluations: 743 Packets: 0 Bytes: 0 States: 0 ]

kernel log messages:
+++ /tmp/security.T6C5vVv9      2009-01-09 03:02:16.000000000 -0600
+GEOM_JOURNAL: Journal ad0s1f clean.
+GEOM_JOURNAL: Journal ad0s1d clean.
....
....

What does it mean, please?

Thanks in advance.


----------



## brd@ (Jan 10, 2009)

Which part?

The PF packets shows the rules that are denying packets..

The kernel log messages show that a check of the Journals was done and shown to be clean.


----------



## Anonymous (Jan 10, 2009)

brd@ said:
			
		

> Which part?
> 
> The PF packets shows the rules that are denying packets..
> 
> The kernel log messages show that a check of the Journals was done and shown to be clean.



It was wrong paste...just pf denied packets.


----------



## brd@ (Jan 10, 2009)

Did you set this machine up? Or is it a pre-configured install like PCBSD?


----------



## Anonymous (Jan 10, 2009)

brd@ said:
			
		

> Did you set this machine up? Or is it a pre-configured install like PCBSD?



I installed. I had 7.0 but I installed from scratch. It is standalone computer, cable modem and DI-604 broadband router.
My pf.conf looks like:
# Macros
ext_if="sk0"

# Optimization
set optimization normal
set block-policy drop
set loginterface $ext_if
set skip on lo0

# NOrmalization
scrub in all

# Block All
block in log all

# Open to out
pass out all keep state

# Filtering
antispoof quick for $ext_if

and in systl.conf I have:

security.bsd.see_other_uids=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

Thanks.


----------

