[PATCH] ipfw logging through tcpdump ?
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue Dec 15 10:10:07 UTC 2009
On Tue, 15 Dec 2009, Luigi Rizzo wrote:
> The following ipfw patch (which i wrote back in 2001/2002) makes
> ipfw logging possible through tcpdump -- it works by passing to the
> fake device 'ipfw0' all packets matching rules marked 'log' .
> The use is very simple -- to test it just do
> ipfw add 100 count log ip from any to any
> and then
> tcpdump -ni ipfw0
> will show all matching traffic.
> I think this is a quite convenient and flexible option, so if there
> are no objections I plan to commit it to head.
pf(4) has pflog(4). Ideally calling it the same would be good though
I wonder if two of the three of our firewalls grow that feature,
if we could have a common packet logging device rather than re-doing
it for each implementation.
Frankly, I haven't looked at the details of the implementation but I
found getting rule numbers with tcpdump -e etc. was pretty cool to
identify where things were blocked or permitted.
Also make sure that the per-VIMAGE interface will work correctly and
Bjoern A. Zeeb
It will not break if you know what you are doing.