[5.5-RC1] ipfilter/ipmon not logging anything?
Lasse K H
lapeb at soul.lut.fi
Sun May 21 06:16:49 PDT 2006
Hi.
I can't get my Ultra-10 to log any ipfilter messages.
Can somebody help?
regards,
Lasse
-----------------------------------------------------
kernel version:
FreeBSD riksu 5.5-RC1 FreeBSD 5.5-RC1 #0: Sat May 20 19:22:00 EEST 2006 lkh at riksu:/usr/src/sys/sparc64/compile/LOCAL.01 sparc64
$ grep "^options IPF" /usr/src/sys/sparc64/conf/LOCAL.01
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK
boot messages:
IP Filter: v3.4.35 initialized. Default = block all, Logging = enabled
Enabling ipfilter.
Starting ipmon.
Starting syslogd.
/etc/syslog.conf:
*.* /var/log/all.log
security.* /var/log/ipfilter.log
/etc/rc.conf:
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
ps:
root 152 0.0 0.4 3728 2064 ?? Ss 10:32AM 0:00.04 /sbin/ipmon -Ds
root 257 0.0 0.2 3808 1144 ?? Ss 10:32AM 0:00.07 /usr/sbin/syslogd -s
/etc/ipf.rules:
pass in quick on lo0 all
pass out quick on lo0 all
#
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
block in log first quick on hme0 all
block in log first quick on hme1 all
ipfstat -h:
IPv6 packets: in 0 out 4
input packets: blocked 5008 passed 41062 nomatch 0 counted 0 short 0
output packets: blocked 4 passed 36156 nomatch 4 counted 0 short 0
input packets logged: blocked 5008 passed 25
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 4953 output 0
fragment state(in): kept 0 lost 0 not fragmented 0
fragment state(out): kept 0 lost 0 not fragmented 0
packet state(in): kept 25 lost 0
packet state(out): kept 88 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 12 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none
More information about the freebsd-sparc64
mailing list