Logging packets dropped by IPFW
Chuck Swiger
cswiger at mac.com
Mon Jul 7 14:31:44 PDT 2003
Tim Kientzle wrote:
> Is there any way to generate log information
> about the packets dropped by IPFW? The 'log'
> modifier doesn't seem to do anything on my
> system right now <sigh>, though from what I can tell,
> it's supposed to only log the rule that was
> triggered, which isn't the same thing at all.
Did you recompile your kernel with these options:
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_FORWARD #enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
...? Also consider:
sysctl net.inet.tcp.log_in_vain=1
sysctl net.inet.udp.log_in_vain=1
--
-Chuck
More information about the freebsd-questions
mailing list