logging tablearg ??
Michael Sierchio
kudzu at tenebras.com
Wed Oct 3 16:51:52 UTC 2012
Julian Elischer (and possibly others) -
on 8.3-RELEASE-p4...
I have a table with ca. 84,000 networks, and the table arg is a
classifier based on criteria the firewall ruleset doesn't care about -
but I really would like to log the data.
I've discovered that logging the lookup command doesn't log the table
arg, just the src-ip
    ipfw add 500 skipto 65000 log logamount 0 lookup src-ip 1
log entry looks like:
    Oct 3 16:41:49 fedallah kernel: ipfw: 500 SkipTo 65000 TCP 69.109.215.188:53297 10.160.78.12:3222 in via xn0
Of course I don't have any reason to expect this to work, since it's
an aspirational use of the mechanism. But I think it might be
powerful and useful for folks who actually use firewall logs in
support of IDS/IPS etc.
- M
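
Added example, not part of the original post and not ipfw's own code: because the rule above logs only the packet's src-ip, one option is to join the log against a copy of the table offline and recover the table arg by longest-prefix match. The table contents, the function names, and the assumption that the table is available as network/value pairs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample standing in for the contents of ipfw table 1:
# (network, tablearg) pairs. Networks and values are made up.
TABLE_1 = [("69.96.0.0/11", 7), ("69.109.215.0/24", 42), ("10.0.0.0/8", 1)]

# The log line quoted in the post, joined onto one line.
SAMPLE = ("Oct 3 16:41:49 fedallah kernel: ipfw: 500 SkipTo 65000 TCP "
          "69.109.215.188:53297 10.160.78.12:3222 in via xn0")

# Matches the TCP/UDP log format shown in the post. Lines without ports
# (for example ICMP) do not match and are skipped by enrich().
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>.+?) (?P<proto>[A-Z]+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)")

def build_index(entries):
    """Map prefix length -> {network as int: tablearg}."""
    index = {}
    for cidr, arg in entries:
        net = ipaddress.ip_network(cidr, strict=False)
        index.setdefault(net.prefixlen, {})[int(net.network_address)] = arg
    return index

def lookup(index, addr):
    """Return the tablearg of the most specific network containing addr."""
    ip = int(ipaddress.IPv4Address(addr))
    for plen in sorted(index, reverse=True):      # longest prefix first
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        arg = index[plen].get(ip & mask)
        if arg is not None:
            return arg
    return None                                   # src-ip not in the table

def enrich(line, index):
    """Parse one ipfw log line and attach the tablearg for its src-ip."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["tablearg"] = lookup(index, rec["src"])
    return rec

if __name__ == "__main__":
    print(enrich(SAMPLE, build_index(TABLE_1)))
```

The result reflects the table copy at analysis time, not the kernel's table at the moment the packet was logged, so the copy has to be kept in step with table changes.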