From owner-freebsd-questions Sun May 17 15:40:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA06134 for freebsd-questions-outgoing; Sun, 17 May 1998 15:40:54 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from mail.symmetron.com (mail.symmetron.com [206.239.186.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA06018 for ; Sun, 17 May 1998 15:40:09 -0700 (PDT) (envelope-from FreeBSD.lists@symmetron.com) Received: from mail (mail.symmetron.com [206.239.186.2]) by mail.symmetron.com (Netscape Mail Server v2.02) with SMTP id AAA314; Sun, 17 May 1998 18:40:38 -0400 Reply-To: From: FreeBSD.lists@symmetron.com (FreeBSD Mailing Lists) To: "Charlie Root" , Subject: RE: Possible bug in IPFW Date: Sun, 17 May 1998 18:40:38 -0400 Message-ID: <000901bd81e4$d02f76a0$02baefce@mail.symmetron.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <199805171900.OAA07502@ftp1.mfn.org> X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sunday, May 17, 1998 3:01 PM, Charlie Root said: > Here is the basic outline: > > (1) Rulesets. Allow this, that, blah, blah, blah... > (2) Final rule: 65500 deny log all from any to any > > So we bring up the filter machine, and start attacking it: > About half way through the "23 series" of scans (which would make it > about 750 connections attempted, it ceased logging (forever!) with the > following message: > > May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP > x.x.x.x:1065 me.me.me.me:23 in via de3 > > I have checked for disk space, which AFAIK has never exceeded 50% > usage on any > slice, and sure enough, the top user of space was at a mere 45%. > /var is at 3%. > > Except for the fact that it is no longer logging, it appears to > be ok: cron > is running and doing it's thing, it succeeded in backing itself > up last night, > and it still appears to be filtering, although *without* logging > bad packets. > > Should I be forwarding this to the bugs list, or have I missed something > very basic here? you might want to check your kernel to make sure you don't have a limit on your IPFW logging. the kernel option is IPFIREWALL_VERBOSE_LIMIT. while you are there, you might want to make sure the IPFIREWALL_VERBOSE option is enabled. -john --------------- John A. Shue 4000 Legato Road, Suite 600 Fairfax, VA 22033 (703) 591-5559 (703) 591-6337 FAX To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message