Date:      Sun, 2 Nov 2003 10:12:54 -0800
From:      "Drew Tomlinson" <drew@mykitchentable.net>
To:        "Zoran Kolic" <kolicz@eunet.yu>, <freebsd-stable@freebsd.org>
Subject:   Re: ipfw2 logging
Message-ID:  <010301c3a16c$f0293c40$0301a8c0@bigdaddy>
References:  <20031102061154.GA539@>

----- Original Message -----
From: "Zoran Kolic" <kolicz@eunet.yu>
To: <freebsd-stable@freebsd.org>
Sent: Saturday, November 01, 2003 10:11 PM
Subject: ipfw2 logging


>
> Dear list!
> I have a little problem, trying
> to enable logging of deny rule.
> I have enabled it via kernel:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=3

This seems to be a very small limit.  Do you really intend to end logging of
a rule after three matches?

> It is ipfw2. After that, my intention
> was to use syslogd and
>
> !ipfw
> *.*       /var/log/ipfw.log
>
> and newsyslog with
>
> /var/log/ipfw.log  600 3 100   *   J

On my system, none of this was necessary.  By default, firewall messages are
logged to /var/log/security.  If you don't have this file, try using 'touch'
to create it and then see if you get firewall messages.

> In rc.conf I have
>
> firewall_enable="YES"
> firewall_logging="YES"
>
> Well! Firewall works, I have data
> with "ipfw show", but there is no
> log. My intended rule is
>
> add 65535 deny log all from any to any

This rule will log all denied packets until the limit (in your case, 3
packets) is reached.  Then logging will stop until counters are cleared with
either 'zero' or 'resetlog'.

> It should work, but it does not.
> What I am doing wrong?
> With no syslogd and newsyslog, log
> would be in "messages" file in
> /var/log directory?

As I mention above, look for messages in /var/log/security.

Cheers,

Drew
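The two points Drew raises (messages land in /var/log/security by default, and a verbose limit of 3 silences the rule after three matches) are easy to confirm from the log itself. The following is an added example, not code from either poster: a small parser for the per-packet lines ipfw2 writes under IPFIREWALL_VERBOSE, plus the "limit N reached on entry R" notice it emits when the limit is exhausted, so an admin can see at a glance which rules have gone quiet and need 'ipfw resetlog'. The log lines are constructed for the example (hostname "bigdaddy", rule numbers, addresses and interface fxp0 are all made up), and the exact wording of the limit-reached notice is assumed from memory of ip_fw2.c rather than taken from the thread.

```python
import re
from collections import Counter

# Constructed sample of what ipfw2 writes to /var/log/security for rules that
# carry the "log" keyword on a kernel built with IPFIREWALL_VERBOSE.  The
# fourth line is the notice ipfw emits once IPFIREWALL_VERBOSE_LIMIT (here 3,
# as in the original question) is exhausted for rule 65535; after it the rule
# keeps counting matches but logs nothing until "ipfw resetlog" or "ipfw zero".
# Hostname, addresses, ports and interface are invented for the example.
SAMPLE_LOG = """\
Nov  2 10:12:54 bigdaddy kernel: ipfw: 65535 Deny TCP 192.0.2.10:3452 198.51.100.5:22 in via fxp0
Nov  2 10:12:55 bigdaddy kernel: ipfw: 65535 Deny UDP 192.0.2.10:1025 198.51.100.5:53 in via fxp0
Nov  2 10:12:57 bigdaddy kernel: ipfw: 65535 Deny TCP 192.0.2.11:40021 198.51.100.5:445 in via fxp0
Nov  2 10:12:57 bigdaddy kernel: ipfw: limit 3 reached on entry 65535
Nov  2 10:13:02 bigdaddy kernel: ipfw: 100 Accept TCP 198.51.100.5:1024 192.0.2.1:80 out via fxp0
"""

# Per-packet line: "ipfw: <rule> <action> <proto> <src> <dst> <in|out> via <iface>".
# <proto> is left loose because ICMP lines carry "ICMP:type.code".
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>[\w:.]+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)
# Notice printed once a rule's log budget is used up (wording assumed, see lead-in).
LIMIT_RE = re.compile(r"ipfw: limit (?P<limit>\d+) reached on entry (?P<rule>\d+)")


def parse_ipfw_log(text):
    """Return (Counter of (rule, action) -> logged packets, {rule: limit} for rules
    whose logging budget was exhausted)."""
    hits = Counter()
    exhausted = {}
    for line in text.splitlines():
        m = LIMIT_RE.search(line)
        if m:
            exhausted[int(m.group("rule"))] = int(m.group("limit"))
            continue
        m = LOG_RE.search(line)
        if m:
            hits[(int(m.group("rule")), m.group("action"))] += 1
    return hits, exhausted


def logging_advice(text):
    """One advisory string per rule that has stopped logging."""
    _, exhausted = parse_ipfw_log(text)
    return [
        f"rule {rule}: logging stopped after {limit} matches; run 'ipfw resetlog' "
        f"to resume, or raise the limit (IPFIREWALL_VERBOSE_LIMIT / "
        f"sysctl net.inet.ip.fw.verbose_limit / 'log logamount N' on the rule)"
        for rule, limit in sorted(exhausted.items())
    ]


if __name__ == "__main__":
    hits, exhausted = parse_ipfw_log(SAMPLE_LOG)
    for (rule, action), n in sorted(hits.items()):
        print(f"rule {rule:>5} {action:<6} logged {n} packet(s)")
    for line in logging_advice(SAMPLE_LOG):
        print(line)
```

Run it against the real file with `python3 ipfwlog.py < /var/log/security` after replacing SAMPLE_LOG with sys.stdin.read(); on the original poster's setup the parser would report rule 65535 exhausted after three packets, which is exactly the symptom of a verbose limit of 3. The per-rule `log logamount N` form and the `net.inet.ip.fw.verbose_limit` sysctl are the runtime ways to adjust the budget without rebuilding the kernel.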


