My ipf rules are broken into groups. It's my understanding of the ipflog
format that packets logged within a particular group should reflect that,
i.e., if a packet is blocked by a rule in group 4, I should have
Indicating that the packet was dropped by the 9th rule in group 4. However,
the actual behaviour that I'm seeing is that *all* packets are logged as
group 0, regardless of the group of the rule that performed the action, i.e.
in the example above, if rule 9 in group 4 blocked a packet, I'd still just
This makes it difficult to analyze the logs, since ipf restarts numbering of
rules with each group... leaving me wondering, "Well, was this packet
dropped by rule 3 in group 1, 2, 3, or 4?". Has anyone else seen this with
their rulesets? Have I configured something incorrectly?
Any help appreciated,