problems with ipfilter on 5.1-RELEASE

Crist J. Clark cristjc at comcast.net
Mon Aug 11 15:41:38 PDT 2003


On Fri, Aug 08, 2003 at 01:41:18AM -0500, Redmond Militante wrote:
> Hi all
> 
> I'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter
> seems to be working fine. I just have a couple of issues that are
> probably not very serious...
> 
> One thing is that during network startup at boot, I get the message
> IPFilter: already initialized
> repeated 4 times.
> 
> I think I have everything configured properly.
> 
> my kernel config looks like
> 
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> 
> my /etc/rc.conf looks like
> 
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipfilter_rules="/etc/ipfilter.rules"
> ipmon_enable="YES"
> ipmon_flags="-Dsvn"

IPFilter may be initialized when other network devices and services
are started and configured. This might be what you see. Can you
provide more of your rc.conf? At the very least, the other
networking-related variables.

> The other problem I have is that it now seems that ipmon is logging to
> /var/log/messages. I've set up ipfilter successfully on many FreeBSD
> 4.x boxes, but this is the first time I've tried to set it up on 5.x.
> 
> in my /etc/syslog.conf i have
> 
> local0.*	/var/log/firewall_logs
> *.notice;local0.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err	/var/log/messages

The default facility for IPFilter was changed to LOG_SECURITY,

  cvs diff -rRELENG_4 -rRELENG_5_1 src/contrib/ipfilter/Makefile
  Index: src/contrib/ipfilter/Makefile
  ===================================================================
  RCS file: /ncvs/src/contrib/ipfilter/Makefile,v
  retrieving revision 1.1.1.8.2.6
  retrieving revision 1.2
  diff -u -r1.1.1.8.2.6 -r1.2
  --- src/contrib/ipfilter/Makefile       1 Mar 2003 03:55:50 -0000       1.1.1.8.2.6
  +++ src/contrib/ipfilter/Makefile       5 Apr 2003 09:25:19 -0000       1.2
  @@ -3,6 +3,7 @@
   #
   # See the IPFILTER.LICENCE file for details on licencing.
   #
  +# $FreeBSD: src/contrib/ipfilter/Makefile,v 1.2 2003/04/05 09:25:19 darrenr Exp $
   # $Id: Makefile,v 2.11.2.15 2002/12/02 04:22:56 darrenr Exp $
   #
   BINDEST=/usr/local/bin
  @@ -29,7 +30,7 @@
   #
   # The facility you wish to log messages from ipmon to syslogd with.
   #
  -LOGFAC=-DLOGFAC=LOG_LOCAL0
  +LOGFAC=-DLOGFAC=LOG_SECURITY
 
   #
   # Uncomment the next 3 lines if you want to view the state table a la top(1)
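Review bot: the comment above LOGFAC still describes it as a free choice, but the new default LOG_SECURITY is a BSD-specific facility that not every syslog.h defines, and this is a FreeBSD-local edit to a contrib/ vendor file (the $FreeBSD$ tag in the first hunk shows that), so the comment should say why the default differs from upstream and the change needs to be carried across the next vendor import. The change also silently breaks any existing syslog.conf that routes `local0.*` for ipmon output (as in the quoted configuration), so it should be called out wherever the default syslog.conf and release notes are updated.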

You might want to,

  --- /export/freebsd/RELENG_5_1/src/etc/syslog.conf      Wed Apr 23 06:08:31 2003
  +++ syslog.conf Mon Aug 11 15:37:54 2003
  @@ -6,7 +6,7 @@
   #      may want to use only tabs as field separators here.
   #      Consult the syslog.conf(5) manpage.
   *.err;kern.debug;auth.notice;mail.crit         /dev/console
  -*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err  /var/log/messages
  +*.notice;authpriv,security.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
   security.*                                     /var/log/security
   auth.info;authpriv.info                                /var/log/auth.log
   mail.info                                      /var/log/maillog
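Review bot: the `+` line drops the tab that separates the selector from `/var/log/messages` on the surrounding lines, and the context comment two lines up warns that only tabs may be safe as field separators, so keep a tab before the action column. The selector itself is right: `authpriv,security.none` excludes both facilities, and the unchanged `security.*` line below already delivers them to /var/log/security. With ipmon no longer logging to local0, the `local0.* /var/log/firewall_logs` line from the quoted configuration becomes dead and can be removed or retargeted.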

if you wish to stop messages to /var/log/messages. They should already
be collecting in /var/log/security. You may wish to change that to
firewall_logs if the filename is important to you.
-- 
Crist J. Clark                     |     cjclark at alum.mit.edu
                                   |     cjclark at jhu.edu
http://people.freebsd.org/~cjc/    |     cjc at freebsd.org
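The syslog.conf selector change in the reply above, worked through as an added example (not part of the thread): a minimal Python emulation of syslogd's selector matching, showing why messages logged with the `security` facility stop reaching /var/log/messages once `security.none` is added and still reach /var/log/security via `security.*`. Only the plain `facility.level`, `*` and `none` forms are modelled; the `=` and `!` modifiers are left out (assumption).

```python
# Added example: minimal emulation of FreeBSD syslog.conf selector matching.
# Assumption: only "facility.level", "*" and "none" are modelled, not "=" / "!".
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console"]
FACILITIES += ["local%d" % i for i in range(8)]


def parse_selector(selector):
    """Map each facility to the least severe level it passes (None = dropped).
    Later selectors override earlier ones for the same facility, as syslogd does."""
    table = {}
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        if not facs or not level:
            raise ValueError("bad selector: %r" % part)
        level = level.lower()
        if level == "none":
            pri = None
        elif level == "*":
            pri = len(LEVELS) - 1          # everything down to debug
        elif level in LEVELS:
            pri = LEVELS.index(level)
        else:
            raise ValueError("unknown level: %r" % level)
        for fac in facs.split(","):
            fac = fac.strip().lower()
            for f in (FACILITIES if fac == "*" else [fac]):
                if f not in FACILITIES:
                    raise ValueError("unknown facility: %r" % f)
                table[f] = pri
    return table


def matches(selector, facility, level):
    """True if a message logged as facility.level is written by this selector."""
    pri = parse_selector(selector).get(facility)
    return pri is not None and LEVELS.index(level) <= pri


# The two /var/log/messages lines from the syslog.conf diff in the reply.
OLD_MESSAGES = "*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err"
NEW_MESSAGES = "*.notice;authpriv,security.none;kern.debug;lpr.info;mail.crit;news.err"


def ipmon_reaches_messages(selector, level="notice"):
    """ipmon now logs with LOG_SECURITY; does a message at this level hit the line?"""
    return matches(selector, "security", level)


if __name__ == "__main__":
    print("old line:", ipmon_reaches_messages(OLD_MESSAGES))   # True
    print("new line:", ipmon_reaches_messages(NEW_MESSAGES))   # False
```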


More information about the freebsd-security mailing list