understanding ipflog

[Paul Civati]

John Murphy <jfm at blueyonder.co.uk> wrote:

> I'm trying to understand all the information in ipflog (IPFilter log).
> I can't seem to find a www tutorial and I think the ipf mailing list
> would find this too basic a question for them.

I knew I had seen it somewhere, unfortunately not in the ipmon(8)
man page, but in the IP Filter HOWTO (Section: "ipmon utility"),
linked to from <URL:http://www.ipfilter.org/>.

> I've indicated the values I don't understand below:
> (Times removed for shorter lines)
> 
> ed0 @0:17 b 217.120.20.6,21 -> 62.31.194.122,21 PR tcp len 20 40 -SF IN
>     ^^^^^                                       ^^            ^^ ^^^

The first one is the rule/group, corresponding to the output from
'ipfstat -in', PR is protocol, and the -SR are the flags on the
(TCP in this case) packet.

-Paul-