From owner-freebsd-questions Wed Dec 1 17:33:49 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from athserv.otenet.gr (athserv.otenet.gr [195.170.0.1])
    by hub.freebsd.org (Postfix) with ESMTP id 8DB6814CCB
    for ; Wed, 1 Dec 1999 17:33:45 -0800 (PST)
    (envelope-from keramida@diogenis.ceid.upatras.gr)
Received: from localhost.hell.gr (patr364-a122.otenet.gr [195.167.112.218])
    by athserv.otenet.gr (8.9.3/8.9.3) with SMTP id DAA03098
    for ; Thu, 2 Dec 1999 03:32:17 +0200 (EET)
Received: (qmail 4968 invoked by uid 1001); 2 Dec 1999 01:31:50 -0000
Date: Thu, 2 Dec 1999 03:31:50 +0200
From: d e a t h
To: freebsd-questions@freebsd.org
Subject: ipfilter & logging?
Message-ID: <19991202033150.C3342@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[1. output of uname -a]

FreeBSD hades.hell.gr 3.3-STABLE FreeBSD 3.3-STABLE #0: \
    Wed Dec 1 04:59:37 EET 1999 \
    root@hades.hell.gr:/usr/src/sys/compile/HADES i386

[2. problem report]

Well, after using ipfw on 3.3-STABLE for quite some time, I decided to
play around with ipfilter. So, I commented out all the ipfw lines in my
kernel config, and added:

    options IPFILTER        #kernel ipfilter support
    options IPFILTER_LOG    #ipfilter logging
    options IPSTEALTH       #support for stealth forwarding

compiled, installed, changed rc.conf to firewall_enable="NO" (just to
make sure that ipfw had no chance to mess with packets), and rebooted.

The funny thing was that although ipfilter seemed to grok my rules,
loaded from a file with:

    % ipf -f ipf.rules

and ipfstat showed they were all there, no logging was performed for
those rules that contained the 'log' keyword. For instance I had a rule
of

    block in log quick from any to any 12345

but a netcat to port 12345 from localhost did not show anything in the
system logs. Changing back to `ipfw' works with logging though!

Does logging in ipfilter work at all, or was it some silly thing I did?

--
Giorgos Keramidas, "What we have to learn to do, we learn by doing." [Aristotle]