Logging and IPFW

John Birrell jb at cimlogic.com.au
Tue Sep 9 07:11:34 PDT 2003

On Tue, Sep 09, 2003 at 01:22:18PM +0100, Wayne Pascoe wrote:
> I tried changing the rc.firewall script so that the last line in the
> CLIENT section read
> ${fwcmd} add 65535 deny ip from any to any log
> but ipfw list still just showd
> 65535 deny ip from any to any log
> where should that rule with the log go in the list ? Before the last
> line ? 
> Should I add a rule before 65535 that logs things ? 

The first rule that matches is executed, so if you want it to log you have
to add 'log' to that line (and every other line you want to log). You will
soon find that logging can create huge files and that it is best use sparingly.

John Birrell

More information about the freebsd-questions mailing list