"ipfw log" messages from jail show in host syslog
Ernie Luzar
luzar722 at gmail.com
Tue Feb 12 14:37:59 UTC 2019
Rudy (bulk address) wrote:
> I've switched to VNET (love it) in jails. Neat, you can have ipfw running
> in your jail!
>
> I added some log lines to test it out and was a bit confused when
> /var/log/security wasn't showing the log lines. Turns out, the kernel is
> grabbing them and logging in the host and not the chrooted environment.
>
> Bug? Feature? :)
>
> Rudy
>
This is a known bug problem. There is a PR about this filed a few years ago.
Now here is the good news. There is a simple solution. IPFW has the
option to use an undocumented log file named ipfw0. When this log file
is used in a vnet jail, IPFW does log to it at /var/log/security in the
vnet jail.
Add this to the rc.conf file of the vnet jail and restart the vnet jail
to activate.
firewall_logging="NO"
firewall_logif="YES"
nohup tcpdump -lnti ipfw0 | logger -t jailname -p security.info &
I am having network problems configuring my vnet jail on 12.0, using
bridge/epair with ipfw/nated. I sure would appreciate your help in
figuring out what is incorrect with my setup. If you're agreeable, contact
me off list.
Thanks