From owner-freebsd-questions@FreeBSD.ORG Sat Aug 9 14:33:02 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 626AC931 for ; Sat, 9 Aug 2014 14:33:02 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2FD5B2194 for ; Sat, 9 Aug 2014 14:33:01 +0000 (UTC) Received: from [192.168.0.4] (rbn1-216-180-76-236.adsl.hiwaay.net [216.180.76.236]) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id s79EX0ge009008 for ; Sat, 9 Aug 2014 09:33:00 -0500 Message-ID: <53E63293.3090901@hiwaay.net> Date: Sat, 09 Aug 2014 09:39:15 -0500 From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130625 Thunderbird/17.0.7 MIME-Version: 1.0 To: "FreeBSD Questions !!!!" Subject: Re: ipfw question .... References: <53E62D07.2030703@hiwaay.net> <53E62CEE.7060202@sentex.net> In-Reply-To: <53E62CEE.7060202@sentex.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Aug 2014 14:33:02 -0000 On 08/09/14 09:15, Mike Tancsa wrote: > On 8/9/2014 10:15 AM, William A. Mahaffey III wrote: >> >> >> Why is there a limit on the # of logged denials by ipfw ? > > The limit is there to prevent conditions where syslog would be > overwhelmed with hits, as in the case for example of a DoS. You can > change it as discussed in the man pages > > > If net.inet.ip.fw.verbose is set to 1, packets will be logged to > syslogd(8) with a LOG_SECURITY facility up to a maximum of logamount > packets. If no logamount is specified, the limit is taken from the > sysctl variable net.inet.ip.fw.verbose_limit. In both cases, a value > of 0 means unlimited logging. > > Once the limit is reached, logging can be re-enabled by clearing the > logging counter or the packet counter for that entry, see the resetlog > command. > > ---Mike > > Hmmmm .... OK, sounds good. I would like a bit more granularity on deciding what to log & what to not log. For example, 99% of the time, I would drop denials from my LAN, except when I am trying to figure out why I can't get NFS working, for example. I'd like to be able to choose that when I (re)start ipfw. I am using the default rc.firewall located in /etc, BTW. I might like to specify denial-logging by protocol *and* port #, rather than just port # .... Is there a way to implement any of this ? Thanks & TIA .... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr.