Logging packets dropped by IPFW
Tim Kientzle
kientzle at acm.org
Mon Jul 7 14:57:21 PDT 2003
Tim Kientzle wrote:
> Micheal Patterson wrote:
>> ----- Original Message -----
>> From: "Tim Kientzle" <kientzle at acm.org>
>> Subject: Logging packets dropped by IPFW
>>
>>> Is there any way to generate log information
>>> about the packets dropped by IPFW? The 'log'
>>> modifier doesn't seem to do anything ...
>
>> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
>> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
>
> Thanks, Micheal. The manpage didn't
> mention that logging was a compile-time
> option; I'm recompiling now...
Took another very careful look at the manpage,
and discovered that recompiling wasn't necessary
after all:
# sysctl net.inet.ip.fw.verbose=1
suffices to turn it on. The IPFIREWALL_VERBOSE
compile option just changes the default for this sysctl.
Make this permanent by adding the line:
net.inet.ip.fw.verbose=1
to /etc/sysctl.conf.
Tim
More information about the freebsd-questions
mailing list