ipmon logging as well

Remko Lodder remko at elvandar.org
Wed Apr 28 00:34:07 PDT 2004


Hey Dave,

> does not run ipnat just ipfilter and ipmon. I've got:

this has to be in rc.conf for ipnat:

ipnat_enable="NO"               # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"     # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat


> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> compiled in to my kernel. And in rc.conf:
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="" (Note, I thought this one was supposed to resolve a problem
> of a duplicate ipfilter startup message, about already being initialized?)
> ipmon_enable="YES"
> ipmon_flags="-D /var/log/ipf.log"
> In the /etc/rc.d/ipfilter script I added ipmon to the end of the REQUIRE:
> line and in the ipmon script I added ipfilter. On boot I get a message that
> says enabling ipfilter, default = block all, logging = enabled. A little
> later I get the message:

I think that you need to place ipfilter in the ipmon /etc/rc.d file, and
not ipmon in the ipfilter file. Why? Because it gets started twice now,
imho. Could you try that?

> Enabling ipfilter
> ioctl(SIOCIPFL6):Invalid argument
> and it does not work.
> Suggestions welcome. Also, when I get this working I'd like for newsyslog
> to rotate this log file, but the last time I tried this newsyslog rotated
> the file yet kept the original pointer open and kept logging to the old
> file.

You should add -U

"U    indicates that the file specified by path_to_pid_file
      will contain the id for a process group, instead of a
      process.  This option also requires that the first line
      in that file must be a negative value, to distinguish it
      from a value for a process id."

for example:

/var/log/ipfilter.log    640  7     *    @T00  U    /path/to/pidfile

(I used /var/log/maillog as example).

> Thanks.
> Dave.

No problem,
Cheers!

-- 

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the 
hackerscene

