svn commit: r52855 - head/en_US.ISO8859-1/books/handbook/firewalls

Tom Rhodes trhodes at FreeBSD.org
Mon Mar 11 15:04:03 UTC 2019


Author: trhodes
Date: Mon Mar 11 15:04:02 2019
New Revision: 52855
URL: https://svnweb.freebsd.org/changeset/doc/52855

Log:
  Note that, even if logging is enabled in rc.conf, IPFW rules still need the "log"
  keyword to create logs.
  
  Reviewed by:		bcr
  Differential Revision:	https://reviews.freebsd.org/D19513

Modified:
  head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Sun Mar 10 15:22:54 2019	(r52854)
+++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Mon Mar 11 15:04:02 2019	(r52855)
@@ -1697,6 +1697,14 @@ block drop out quick on $ext_if from any to $martians<
 
       <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen>
 
+      <warning>
+	<para>Only firewall rules with the <option>log</option> option will
+	  be logged.  The default rules do not include this option and it
+	  must be manually added.  Therefor it is advisable that the default
+	  ruleset is edited for logging.  In addition, log rotation may be
+	  desired if the logs are stored in a separate file.</para>
+      </warning>
+
       <para>There is no <filename>/etc/rc.conf</filename> variable to
 	set logging limits.  To limit the number of times a rule is
 	logged per connection attempt, specify the number using this
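Review bot: "Therefor" in the third line of the new <warning> paragraph should be "Therefore". The same paragraph says the <option>log</option> option "must be manually added" but does not show where it goes in a rule. A short example rule carrying the option, or a cross-reference to the section that covers rule syntax, would make the warning actionable. The closing sentence on log rotation ("may be desired if the logs are stored in a separate file") gives no next step either. Consider naming the rotation mechanism the handbook expects readers to use. The commit log calls log a "keyword" while the text calls it an "option", so one term should be used consistently.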

