logging and dynamic rules

Uwe Kolsch ukolsch at gmx.net
Sun Mar 7 06:05:21 PST 2004


Thanks Luigi

-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org
[mailto:owner-freebsd-ipfw at freebsd.org] On Behalf Of Luigi Rizzo
Sent: 07 March 2004 13:14
To: Uwe Kolsch
Cc: freebsd-ipfw at freebsd.org
Subject: Re: logging and dynamic rules


On Sun, Mar 07, 2004 at 01:02:04PM -0000, Uwe Kolsch wrote:
> Hi,
>  
> I've set up ipfw2 on 5.2.1 as follows.
>  
> add 1000 check-state
> #allow ssh traffic from any to any
> add 2022 allow log tcp from any to any 22 in setup keep-state
> 
> This results in every packet of any ssh connection getting logged, not
> really what I want. I would like to get only the initiation of a ssh 
> connection into the logfile. Without dynamic rules I would just deal

I guess your best option is to do this:

	add 2022 count log tcp from any to any 22 in setup
	add 2022 allow tcp from any to any 22 in setup keep-state


cheers
luigi

> with packets of an established connection without logging, but log 
> any request to port 22. Is there any way to achieve this with dynamic 
> rules too?
>  
> Thanks,
>  
> Hans Hunger
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list 
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to 
> "freebsd-ipfw-unsubscribe at freebsd.org"
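
An added example, not part of the original thread: a simplified Python model of ipfw's first-match evaluation, run over a constructed SSH session, showing why the single `allow log ... keep-state` rule logs every packet while the `count log` / `allow ... keep-state` split logs only the SYN. It assumes, as the behaviour reported above indicates, that a `check-state` match executes the parent rule's action including its `log`; the `Rule` class, `run` function, endpoints and packets are all hypothetical, and an unmatched packet is treated as denied.

```python
# Simplified model of ipfw first-match evaluation with keep-state dynamic rules.
# Not ipfw code: only the "setup to port 22" match used in the thread is modelled.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    num: int
    action: str               # "check-state", "count" or "allow"
    log: bool = False
    setup: bool = False       # match only a bare SYN addressed to port 22
    keep_state: bool = False

def run(ruleset, packets):
    """Return (log entries, per-packet verdicts) for (src, dst, flags) packets."""
    dynamic, logged, verdicts = {}, [], []
    for pkt in packets:
        key = frozenset(pkt[:2])              # one dynamic entry covers both directions
        verdict = "deny"                      # assumption: nothing matched means deny
        for rule in ruleset:
            if rule.action == "check-state":
                parent = dynamic.get(key)
                if parent is None:
                    continue                  # no state yet, keep walking the rules
                rule = parent                 # run the parent rule's action, log included
            elif rule.setup and not (pkt[1][1] == 22 and pkt[2] == "S"):
                continue
            if rule.log:
                logged.append((rule.num, rule.action, pkt[2]))
            if rule.action == "count":
                continue                      # count never ends the rule search
            if rule.keep_state:
                dynamic[key] = rule           # install or refresh the dynamic entry
            verdict = rule.action
            break
        verdicts.append(verdict)
    return logged, verdicts

# Ruleset from the question: log sits on the rule that creates the state.
ORIGINAL = [Rule(1000, "check-state"),
            Rule(2022, "allow", log=True, setup=True, keep_state=True)]
# Ruleset from the reply: log moved to a separate count rule with the same number.
SPLIT = [Rule(1000, "check-state"),
         Rule(2022, "count", log=True, setup=True),
         Rule(2022, "allow", setup=True, keep_state=True)]

# Constructed endpoints and packet sequence (documentation address ranges).
C, S = ("192.0.2.10", 40000), ("198.51.100.5", 22)
SESSION = [(C, S, "S"), (S, C, "SA"), (C, S, "A"), (C, S, "PA"), (S, C, "PA")]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("split", SPLIT)):
        print(name, run(rules, SESSION))
```

On a real host the same comparison can be made by watching the per-rule counters and the security log while opening one SSH connection.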