IPFW and syslog

Alexander shulik_freebsd at matrixhome.net
Sat May 6 14:10:14 UTC 2006


Tiago N. Sampaio wrote:
> Did you try adding deny log ip from any to any?
> ipfw add 65000 deny log ip from any to any
>

If I add the rule deny any any at the end, it will be the last rule among
the other rules and all packets will be dropped (one_pass = 0).
But I don't understand why, if I add deny any any as the first rule,
traffic is dropped.

> Hugs
> Tiago N. Sampaio
>
> Alexander wrote:
>> So, I also tried ipfw add 99 deny ip from any to any, but got the same
>> trouble...
>>
>> Bjoern A. Zeeb wrote:
>>  
>>> On Sat, 6 May 2006, Alexander wrote:
>>>
>>>    
>>>> Bjoern A. Zeeb wrote:
>>>>      
>>>>> On Sat, 6 May 2006, Alexander wrote:
>>>>>
>>>>>        
>>>>>> Default rule is deny.
>>>>>> Some packets are registered under the default rule, but I can't find
>>>>>> documentation on how to log to syslog the packets that are denied in
>>>>>> the default rule.
>>>>>>           
>>>>> Add the same rule with rule number - 1 and add log statement.
>>>>>
>>>>>         
>>>> Hmmmm! I have added the rule: ipfw add 1 deny ip from any to any
>>>> And the server dropped all packets...
>>>>       
>>> Well
>>> "rule number" (for default rule) - 1 == 65535 - 1 == 65534
>>>
>>> I guess I should have added quotes or braces or the sample.
>>>
>>> Sorry for the trouble...
>>>
>>>     
>>
>> _______________________________________________
>> freebsd-isp at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>>   
>
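
The point the thread turns on, that ipfw stops at the first matching rule so the position of a catch-all deny decides which packets it sees, is modelled below as an added example (not part of any poster's message; a simplified Python model, not ipfw itself). The allow rules, the sample packets and the names `Rule`, `evaluate` and `run` are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_RULE = 65535  # ipfw's built-in last rule; "deny" on the host in this thread

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                     # "allow" or "deny"
    proto: str = "ip"               # "ip" matches every protocol
    dst_port: Optional[int] = None  # None matches any port
    log: bool = False

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"])
                and self.dst_port in (None, pkt["dst_port"]))

def evaluate(rules, pkt):
    """Return (action, rule_number, logged) for the first matching rule."""
    ruleset = sorted(rules, key=lambda r: r.number)
    ruleset.append(Rule(DEFAULT_RULE, "deny"))  # the default rule carries no log keyword
    for rule in ruleset:
        if rule.matches(pkt):                   # first match wins, search stops here
            return rule.action, rule.number, rule.log

def run(rules, packets):
    return [evaluate(rules, p) for p in packets]

# Constructed sample ruleset and packets (assumptions, not from the thread).
BASE = [Rule(100, "allow", "tcp", 22), Rule(200, "allow", "tcp", 80)]
PACKETS = [
    {"proto": "tcp", "dst_port": 22},
    {"proto": "tcp", "dst_port": 80},
    {"proto": "udp", "dst_port": 137},
]

if __name__ == "__main__":
    cases = {
        "default deny only": BASE,
        "deny at rule 1": BASE + [Rule(1, "deny")],
        "deny log at 65534": BASE + [Rule(65534, "deny", log=True)],
    }
    for name, rules in cases.items():
        print(name)
        for pkt, result in zip(PACKETS, run(rules, PACKETS)):
            print("  ", pkt, "->", result)
```

On a real host the corresponding rule is `ipfw add 65534 deny log ip from any to any`, and packets matched by a `log` rule reach syslog only when the sysctl `net.inet.ip.fw.verbose` is set to 1.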


