Date: Sun, 18 Feb 2018 00:25:22 +0100
From: Polytropon <freebsd@edvax.de>
To: Stari Karp <starikarp@yandex.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: ipfw firewall
Message-ID: <20180218002522.1f24754f.freebsd@edvax.de>
In-Reply-To: <1518905856.89579.1.camel@yandex.com>
References: <1518905856.89579.1.camel@yandex.com>

On Sat, 17 Feb 2018 17:17:36 -0500, Stari Karp wrote:
> Hi!
>
> I am using FreeBSD 11.1-RELEASE (amd64), single desktop computer. I try
> to setup a IPFW firewall and I am confused about logging settings.
> In /etc/rc.conf I have:
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_type="workstation"
> firewall_logdeny="YES"
> firewall_logging="YES"
>
> When I start computer I got about firewall:
> ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to
> deny, logging disable
> In /var/log/security is: newsyslog[28503]: logfile first created
>
> How should I know if firewall works?

Easiest way: with an external test, for example with nmap.

> I had to use pf firewall and I had
> so many logs related to "igmp query v3".

You can set IPFW's default logging at kernel compile time
(example from an older system):

	# Firewall, NAT
	options         DUMMYNET
	options         IPFIREWALL
	options         IPFIREWALL_DEFAULT_TO_ACCEPT
	options         IPFIREWALL_VERBOSE
	options         IPFIREWALL_VERBOSE_LIMIT=500
	options         IPFILTER
	options         IPDIVERT

Today, those can probably be configured dynamically. I don't
know if there is a "kernel tunable" for those settings, but
there probably is.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
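
Added example, not part of the original message: a shell check that compares the rc.conf settings quoted in the question with the runtime sysctls net.inet.ip.fw.verbose and net.inet.ip.fw.verbose_limit, which the FreeBSD rc script sets from firewall_logging="YES". The sysctl names are not given in the thread, and the function names and sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Inputs are passed in so the logic can
# be exercised anywhere; on a FreeBSD host use the live call shown at the end.

# rc_value FILE KEY: print the last value assigned to KEY in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# ipfw_log_state RCCONF VERBOSE LIMIT
#   VERBOSE = value of net.inet.ip.fw.verbose
#   LIMIT   = value of net.inet.ip.fw.verbose_limit
ipfw_log_state() {
    enable=$(rc_value "$1" firewall_enable | tr '[:lower:]' '[:upper:]')
    want=$(rc_value "$1" firewall_logging | tr '[:lower:]' '[:upper:]')
    if [ "$enable" != "YES" ]; then
        echo "firewall not enabled in rc.conf"
    elif [ "$2" = "1" ]; then
        echo "logging on (verbose_limit=$3)"
    elif [ "$want" = "YES" ]; then
        echo "logging requested but sysctl is off"
    else
        echo "logging off"
    fi
}

# Constructed sample mirroring the rc.conf quoted in the question.
SAMPLE_RC=$(mktemp)
cat > "$SAMPLE_RC" <<'EOF'
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_logdeny="YES"
firewall_logging="YES"
EOF

ipfw_log_state "$SAMPLE_RC" 0 0   # verbose still 0: matches the boot-time banner
ipfw_log_state "$SAMPLE_RC" 1 0   # verbose set to 1 after the rc script has run

# Live use on FreeBSD:
#   ipfw_log_state /etc/rc.conf "$(sysctl -n net.inet.ip.fw.verbose)" \
#                  "$(sysctl -n net.inet.ip.fw.verbose_limit)"
```

Only rules that carry the "log" keyword produce entries in /var/log/security, so an empty log with logging on can simply mean no logged rule has matched yet.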