From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org, Spades
Date: Mon, 25 Oct 2004 17:48:00 +0300
Subject: Re: ipfw flooding in /var/log/ipfw.log

On Monday 25 October 2004 16:46, Spades wrote:
> error:
>
> # ipfw add 900 allow log all from any to any setup
> ipfw: unknown argument ``setup''

setup is available only for TCP connections. So

ipfw add allow log logamount 0 tcp from any to any setup

would be the correct one. But this is hardly what you want to do,
since it matches only the three-way handshake TCP does.
The rest of the stream will be dropped if your last rule (65535)
is the default one (deny ip from any to any).

This will log every TCP connection setup, and let the rest of
the stream flow:

allow log logamount 0 tcp from any to any setup
allow tcp from any to any

BUT this is not a firewall setup. It's just a TCP connection logger.
You should do a little reading about TCP/IP, in order to understand
how to set up a firewall.

Cheers, NikV

>
> ----- Original Message -----
> From: "Sergey Zaharchenko"
> To: "Spades"
> Cc:
> Sent: Monday, October 25, 2004 9:34 PM
> Subject: Re: ipfw flooding in /var/log/ipfw.log
>
> On Mon, Oct 25, 2004 at 06:31:49PM +0800,
> Spades probably wrote:
> > this is my ipfw.rule for now
> > # ipfw add 900 allow log all from any to any
> >
> > It will keep spitting these 2 lines as long as I'm connected, how do I make
> > it such as it will log only one instance?
>
> You might want to change the rule to
>
> # ipfw add 900 allow log all from any to any setup
>                                              ^^^^^
> which only logs the (attempts to) set up a connection (the initial SYN
> packets). man ipfw has some interesting information on this.
>
> HTH,
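
Added example, not part of the original thread: a small Python model of ipfw's first-match evaluation, run over a constructed packet sequence, showing how many packets each of the three rule sets discussed above passes and logs. The rule number 1000, the sample packets and all function names are assumptions for illustration; "setup" is modelled as ipfw(8) documents it (tcpflags syn,!ack), and logging is unlimited as with logamount 0.

```python
# Minimal model of ipfw first-match evaluation (illustration only, not ipfw code).
from collections import namedtuple

Packet = namedtuple("Packet", "proto flags desc")   # flags: set of TCP flag names
Rule = namedtuple("Rule", "num action log proto setup")

def matches(rule, pkt):
    if rule.proto not in ("ip", "all") and rule.proto != pkt.proto:
        return False
    if rule.setup:
        # ipfw(8): "setup" is shorthand for "tcpflags syn,!ack"
        return pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags
    return True

def evaluate(rules, packets):
    """Return (verdicts, log); the first matching rule decides each packet."""
    verdicts, log = [], []
    for pkt in packets:
        for rule in rules:
            if matches(rule, pkt):
                verdicts.append(rule.action)
                if rule.log:
                    log.append((rule.num, pkt.desc))
                break
    return verdicts, log

# Constructed sample: one short TCP connection plus one UDP datagram.
PACKETS = [
    Packet("tcp", {"SYN"}, "client SYN"),
    Packet("tcp", {"SYN", "ACK"}, "server SYN+ACK"),
    Packet("tcp", {"ACK"}, "client ACK"),
    Packet("tcp", {"ACK", "PSH"}, "data"),
    Packet("tcp", {"FIN", "ACK"}, "close"),
    Packet("udp", set(), "DNS query"),
]
DEFAULT_DENY = Rule(65535, "deny", False, "ip", False)

# The three rule sets from the thread (rule number 1000 is an assumed value).
LOG_ALL = [Rule(900, "allow", True, "all", False), DEFAULT_DENY]
SETUP_ONLY = [Rule(900, "allow", True, "tcp", True), DEFAULT_DENY]
SETUP_PLUS_ALLOW = [Rule(900, "allow", True, "tcp", True),
                    Rule(1000, "allow", False, "tcp", False), DEFAULT_DENY]

if __name__ == "__main__":
    for name, rules in [("log all", LOG_ALL), ("setup only", SETUP_ONLY),
                        ("setup + allow tcp", SETUP_PLUS_ALLOW)]:
        verdicts, log = evaluate(rules, PACKETS)
        print(f"{name}: {verdicts.count('allow')} allowed, {len(log)} logged")
```

With a default-deny last rule, the setup-only rule set passes just the opening SYN, while the two-rule set passes the whole TCP stream and still writes one log line per connection.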