ipmon logging as well
remko at elvandar.org
Wed Apr 28 00:34:07 PDT 2004
> does not run ipnat just ipfilter and ipmon. I've got:
This has to be in rc.conf for ipnat:
ipnat_enable="NO" # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat" # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_flags="" # additional flags for ipnat
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> compiled in to my kernel. And in rc.conf:
> ipfilter_flags="" (Note, I thought this one was supposed to resolve a problem
> of a duplicate ipfilter startup message, about already being initialized?)
> ipmon_flags="-D /var/log/ipf.log"
> In the /etc/rc.d/ipfilter script I added ipmon to the end of the require:
> line and in the ipmon script I added ipfilter. On boot I get a message that
> says enabling ipfilter, default = block all, logging = enabled. A little
> later I get the message:
I think that you need to place ipfilter in the ipmon /etc/rc.d file, and
not ipmon in the ipfilter file. Why? Since it gets started twice now,
imho. Could you try that?
> Enabling ipfilter
> ioctl(SIOCIPFL6):Invalid argument
> and it does not work.
> Suggestions welcome, also when I get this working I'd like for newsyslog
> to rotate this log file, but the last time I tried this newsyslog rotated
> the file yet kept the original pointer open and kept logging to the old
You should add -U
"U indicates that the file specified by path_to_pid_file
will contain the id for a process group, instead of a
process. This option also requires that the first line
in that file must be a negative value, to distinguish it
from a value for a process id."
/var/log/ipfilter.log 640 7 * @T00 U
(I used /var/log/maillog as an example).
www.mostly-harmless.nl Dutch community for helping newcomers on the