kern/62598: no logging on ipfw loadable module
Friedemann Becker
Friedemann.Becker at web.de
Tue Feb 10 16:00:18 PST 2004
joe wrote:
>>Number: 62598
>>Category: kern
>[...]
>
> By original design, it's not suppose to be an mandatory requirement that you enable
> IPFW by compiling it's options into your customized FBSD kernel. IPFW
> is included in the basic FBSD install as a separate run time loadable
module.
> For some unknown reason the loadable module was compiled with,
logging disabled
> This means the loadable IPFW module has absolutely no logging
available. This
> configuration is non-logical, does not reflect the needs of the
majority of
> IPFW users, and is pretty much useless. A firewall without logging
ability is
> just plain unheard of.
the precompiled module comes with preset compile time options, but have
you tried the the corresponding sysctl variables in net.inet.ip.fw,
especially net.inet.ip.fw.verbose and net.inet.ip.fw.verbose_limit?
see the manpage, section "RULE FORMAT", command "log", for details
Friedemann
More information about the freebsd-bugs
mailing list