svn commit: r52855 - head/en_US.ISO8859-1/books/handbook/firewalls

Tom Rhodes trhodes at
Mon Mar 11 15:04:03 UTC 2019

Author: trhodes
Date: Mon Mar 11 15:04:02 2019
New Revision: 52855

  Note that, even if logging is enabled in rc.conf, IPFW rules still need the "log"
  keyword to create logs.
  Reviewed by:		bcr
  Differential Revision:


Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
--- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Sun Mar 10 15:22:54 2019	(r52854)
+++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Mon Mar 11 15:04:02 2019	(r52855)
@@ -1697,6 +1697,14 @@ block drop out quick on $ext_if from any to $martians<
       <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen>
+      <warning>
+	<para>Only firewall rules with the <option>log</option> option will
+	  be logged.  The default rules do not include this option and it
+	  must be manually added.  Therefor it is advisable that the default
+	  ruleset is edited for logging.  In addition, log rotation may be
+	  desired if the logs are stored in a separate file.</para>
+      </warning>
       <para>There is no <filename>/etc/rc.conf</filename> variable to
 	set logging limits.  To limit the number of times a rule is
 	logged per connection attempt, specify the number using this
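Review bot: "Therefor" in the added <warning> paragraph (the sentence starting "Therefor it is advisable") should be "Therefore". The same paragraph tells the reader to edit the default ruleset and to consider log rotation without saying where either is done. Naming the ruleset file in a <filename> element and pointing to the rotation mechanism would make the advice actionable. Because the text is advisory and does not describe a harmful action, <note> may fit better than <warning>.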

