ipfw firewall

Polytropon freebsd at edvax.de
Sat Feb 17 23:25:30 UTC 2018

On Sat, 17 Feb 2018 17:17:36 -0500, Stari Karp wrote:
> Hi!
> I am using FreeBSD 11.1-RELEASE (amd64), single desktop computer. I try
> to setup a IPFW firewall and I am confused about logging settings.
> In /etc/rc.conf I have:
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_type="workstation"
> firewall_logdeny="YES"
> firewall_logging="YES"
> When I start computer I got about firewall:
> ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to
> deny, logging disable
> In /var/log/security is: newsyslog[28503]: logfile first created
> How should I know if firewall works?

Easiest way: with an external test, for example with nmap.

> I had to use pf firewall and I had
> so many logs related to "igmp query v3".

You can set IPFW's default logging at kernel compile time
(example from an older system):

	# Firewall, NAT
	options		DUMMYNET
	options		IPFIREWALL
	options		IPFILTER
	options		IPDIVERT

Today, those can probably be configured dynamically.
I don't know if there is a "kernel tunable" for those
setting, but it probably is.

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list