ipfw tracing
Julian Elischer
julian at elischer.org
Tue Oct 24 20:05:27 UTC 2006
Andrey V. Elsukov wrote:
> Hi, All!
>
> I've made a small patch that adds a rule action
> tracing feature to ipfw2.
>
> http://butcher.heavennet.ru/patches/kernel/ipfw_trace/
>
> This patch can be useful when you have too many
> ipfw rules. When some packets do not pass ipfw, it is not
> easy to determine the rule which blocks these packets.
>
> How to use:
>
> # ipfw add 1 count tag <SOME_TAG> <RULE_BODY>
> # sysctl net.inet.ip.fw.trace_tag=<SOME_TAG>
> # tail -f /var/log/security
>
> <SOME_TAG> - some tag number
> <RULE_BODY> - rule for matching needed packets
>
> What do you think about that?
>
Can you show some sample usage and output?