ipfw2 logging

Drew Tomlinson drew at mykitchentable.net
Sun Nov 2 10:12:57 PST 2003


----- Original Message -----
From: "Zoran Kolic" <kolicz at eunet.yu>
To: <freebsd-stable at freebsd.org>
Sent: Saturday, November 01, 2003 10:11 PM
Subject: ipfw2 logging


>
> Dear list!
> I have a little problem, trying
> to enable logging of deny rule.
> I have enabled it via kernel:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=3

This seems to be a very small limit.  Do you really intend to end logging of
a rule after three matches?

> It is ipfw2. After that, my intention was to use syslogd and
>
> !ipfw
> *.*       /var/log/ipfw.log
>
> and newsyslog with
>
> /var/log/ipfw.log  600 3 100   *   J

On my system, none of this was necessary.  By default, firewall messages are
logged to /var/log/security.  If you don't have this file, try using 'touch'
to create it and then see if you get firewall messages.

> In rc.conf I have
>
> firewall_enable="YES"
> firewall_logging="YES"
>
> Well! Firewall works, I have data
> with "ipfw show", but there is no
> log. My intentioned rule is
>
> add 65535 deny log all from any to any

This rule will log all denied packets until the limit (in your case, 3
packets) is reached.  Then logging will stop until counters are cleared with
either 'zero' or 'resetlog'.

> It should work, but it does not.
> What am I doing wrong?
> With no syslogd and newsyslog, log
> would be in "messages" file in
> /var/log directory?

As I mention above, look for messages in /var/log/security.

Cheers,

Drew
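As an added example, not part of either message in this thread: a small sh script that summarises the deny-log lines found in /var/log/security per rule number and flags rules for which the kernel has reported that the verbose limit was reached, i.e. rules that will stay silent until 'ipfw resetlog' or 'ipfw zero' is run. The log lines embedded in it are constructed in the ipfw2 kernel message format; the host name, interface and addresses are made up.

```shell
#!/bin/sh
# Added example, not code from the thread. Summarise ipfw "deny log" hits
# per rule and flag rules whose IPFIREWALL_VERBOSE_LIMIT has been reached.
# Constructed sample in the ipfw2 kernel log format (host, interface and
# addresses are made up); on a real box read /var/log/security instead.
SAMPLE_LOG='Nov  2 10:11:01 gw kernel: ipfw: 65535 Deny TCP 192.0.2.10:4021 198.51.100.5:22 in via xl0
Nov  2 10:11:02 gw kernel: ipfw: 65535 Deny UDP 192.0.2.10:53 198.51.100.5:53 in via xl0
Nov  2 10:11:05 gw kernel: ipfw: 65535 Deny TCP 192.0.2.11:4022 198.51.100.5:22 in via xl0
Nov  2 10:11:05 gw kernel: ipfw: limit 3 reached on entry 65535
Nov  2 10:11:09 gw kernel: ipfw: 300 Deny ICMP:8.0 192.0.2.12 198.51.100.5 in via xl0
Nov  2 10:11:10 gw kernel: ipfw: 300 Deny ICMP:8.0 192.0.2.12 198.51.100.5 in via xl0'

# Print one line per rule: "<rule> <deny-count> <status>", where status is
# "silenced" once the kernel has logged "limit N reached on entry <rule>"
# (no further log lines for that rule until resetlog/zero), else "logging".
# Reads the files given as arguments, or stdin when none are given.
ipfw_log_summary() {
    awk '
        /kernel: ipfw: [0-9]+ Deny / {
            count[$7]++          # field 7 is the rule number
        }
        /kernel: ipfw: limit [0-9]+ reached on entry / {
            silenced[$NF] = 1    # last field is the rule number
        }
        END {
            for (r in count) {
                s = (r in silenced) ? "silenced" : "logging"
                printf "%s %d %s\n", r, count[r], s
            }
        }
    ' "$@" | sort -n
}

# Only the rule numbers that have gone quiet, for an operator to reset.
silenced_rules() {
    ipfw_log_summary "$@" | awk '$3 == "silenced" { print $1 }'
}

# Demonstration run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | ipfw_log_summary
```

Run it as `ipfw_log_summary /var/log/security` on a live system; a rule listed as "silenced" has stopped logging even though it is still matching, which is exactly the symptom discussed above.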
