default to deny rule

Barry Irwin bvi at
Mon May 5 05:45:39 PDT 2003

The easiest is to put in a rule just before it, say 653500 deny log
logamount <x> ip from any to any

You could even break it down to log against separate rule numbers for tcp,
udp, icmp, etc., with a catchall at the end.


Barry Irwin         bvi at                    Tel:
Systems Administrator: Networks And Security
iTouch Technology
iTouch TAS         Mobile: +27824457210

----- Original Message -----
From: "Mark Bojara" <mark at>
To: <freebsd-isp at>
Sent: Monday, May 05, 2003 2:28 PM
Subject: default to deny rule

> Hello All,
> I have set up a default to deny ipfw rule and I would like that rule to log
> all denied packets as well. Eg change it to: "65535 deny log ip from any to
> How would I do this?
> Regards
> Mark Bojara
> ----------------------------------------------------------------
> A life lived in fear is half a life lived.
> ----------------------------------------------------------------
> _______________________________________________
> freebsd-isp at mailing list
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at"
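
As an added example (not part of the original messages): a small sh function that prints the ipfw commands for the per-protocol deny-and-log rules with a catch-all described in the reply. The function name, the base rule number 65500 and the logamount of 100 are assumed values; 65535 is the default rule number given in the question.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipfw commands for per-protocol
# deny+log rules that sit just below the default rule.

DEFAULT_RULE=65535   # number of the default rule, as given in the question

# deny_log_rules BASE LOGAMOUNT   (hypothetical helper name)
#   BASE      first rule number to use; four consecutive numbers are taken
#   LOGAMOUNT per-rule cap on logged packets (ipfw treats 0 as "no limit")
deny_log_rules() {
    base=$1
    amount=$2

    # Only plain decimal numbers may reach the generated command lines.
    case "$base" in
        ''|0*|*[!0-9]*) echo "BASE must be a positive integer" >&2; return 2 ;;
    esac
    case "$amount" in
        ''|*[!0-9]*) echo "LOGAMOUNT must be a non-negative integer" >&2; return 2 ;;
    esac

    # All four rules must be evaluated before the default rule.
    last=$((base + 3))
    if [ "$last" -ge "$DEFAULT_RULE" ]; then
        echo "rules $base-$last would not fit below rule $DEFAULT_RULE" >&2
        return 1
    fi

    # log rules only reach syslog when this sysctl is enabled.
    echo "sysctl net.inet.ip.fw.verbose=1"

    # One numbered rule per protocol, then the catch-all for everything else.
    n=$base
    for proto in tcp udp icmp ip; do
        echo "ipfw add $n deny log logamount $amount $proto from any to any"
        n=$((n + 1))
    done
}

# Constructed sample values: rules 65500-65503, 100 log entries per rule.
deny_log_rules 65500 100
```

Review the printed commands, then pipe them to sh as root on the firewall host to install the rules.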
