Kernel_Killer
February 3rd, 2005, 02:56
I'm wanting to log every REQ packet going to anywhere outside to port 80. I have all egress packets allowed out, and have this rule to try to log the packets:

pass out log proto tcp from any to any port 80

Unfortunately, it's not logging a thing.

Strog
February 3rd, 2005, 10:48
Here's what I'm using to log connections from my wireless connection to the DNS server in the DMZ.

pass out log on $dmz_if inet proto udp from $wlan_if:network to $dns_server port domain $udp_opts

Then I watch it with tcpdump -n -e -ttt -i pflog0. You should probably limit it to the traffic you want to watch if you have a bunch of log commands in your rules. I'm logging my wireless connection at every hop through the firewall with blocks and passes so I see everything going on with the wireless connection.

Kernel_Killer
February 4th, 2005, 04:09
Maybe I'll set it to explicitly log from the internal network to any, but I still do not understand why it's not working. Oh well. Maybe I should set some flags. Yeah, this is the only thing being logged except for all the blocks. As for the tcpdump command, I like -etttr, since it's HTTP logging, and name resolution is nice. :wink:
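An added pf.conf fragment, not taken from either poster's ruleset, showing one way a log rule like the one in the thread can stay silent: pf uses the last matching rule, so a later blanket pass without `log` decides the packet instead. The `$ext_if` macro and the `fxp0` interface name are assumptions.

```pf
# Constructed example. ext_if / fxp0 are assumed names, not from the thread.
ext_if = "fxp0"

# pf evaluates the whole ruleset and the LAST matching rule decides the
# packet, unless a matching rule carries "quick". Only the deciding rule's
# "log" keyword takes effect.

# Silent variant: the blanket pass below also matches port 80 traffic,
# comes later, and has no "log", so nothing reaches pflog0.
#   pass out log on $ext_if proto tcp from any to any port 80
#   pass out on $ext_if all keep state

# Logging variant: "quick" makes this rule final for outbound HTTP.
# "flags S/SA" matches only the initial SYN, and "keep state" lets the
# rest of the connection pass on the state entry, so each connection
# produces one log record rather than one per packet.
pass out log quick on $ext_if inet proto tcp from any to any port 80 \
    flags S/SA keep state

# Everything else outbound is still allowed, unlogged.
pass out on $ext_if all keep state

# Check the parsed ruleset and order:   pfctl -sr
# Watch only the HTTP records:          tcpdump -n -e -ttt -i pflog0 tcp and dst port 80
```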