Date: Sun, 2 Nov 2003 10:12:54 -0800
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: "Zoran Kolic" <kolicz@eunet.yu>, <freebsd-stable@freebsd.org>
Subject: Re: ipfw2 logging
Message-ID: <010301c3a16c$f0293c40$0301a8c0@bigdaddy>
References: <20031102061154.GA539@>
----- Original Message -----
From: "Zoran Kolic" <kolicz@eunet.yu>
To: <freebsd-stable@freebsd.org>
Sent: Saturday, November 01, 2003 10:11 PM
Subject: ipfw2 logging

> Dear list!
> I have a little problem, trying
> to enable logging of a deny rule.
> I have enabled it via kernel:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=3

This seems to be a very small limit. Do you really intend to end logging of a rule after three matches?

> It is ipfw2. After that, my intention
> was to use syslogd and
>
> !ipfw
> *.* /var/log/ipfw.log
>
> and newsyslog with
>
> /var/log/ipfw.log 600 3 100 * J

On my system, none of this was necessary. By default, firewall messages are logged to /var/log/security. If you don't have this file, try using 'touch' to create it and then see if you get firewall messages.

> In rc.conf I have
>
> firewall_enable="YES"
> firewall_logging="YES"
>
> Well! Firewall works, I have data
> with "ipfw show", but there is no
> log. My intended rule is
>
> add 65535 deny log all from any to any

This rule will log all denied packets until the limit (in your case, 3 packets) is reached. Then logging will stop until counters are cleared with either 'zero' or 'resetlog'.

> It should work, but it does not.
> What am I doing wrong?
> With no syslogd and newsyslog, log
> would be in "messages" file in
> /var/log directory?

As I mention above, look for messages in /var/log/security.

Cheers,

Drew
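The two points Drew makes above (the log lines land in /var/log/security, and a rule stops logging once IPFIREWALL_VERBOSE_LIMIT matches have been logged until 'ipfw resetlog' clears it) are easy to check from the log itself. The script below is an added example written for this page, not code from either message: it parses ipfw(8) deny lines in the format the kernel writes them ("ipfw: <rule> <Action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>"), counts denies per rule and per source address, and reports rules whose logging has likely been suppressed. The sample log lines are constructed for the example; the "limit N reached on entry R" line is included on the assumption that this is the notice the kernel logs when a rule hits its verbose limit. The hostname and interface name are made up.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise ipfw(8) Deny lines as
# they appear in /var/log/security and flag rules that have reached the
# IPFIREWALL_VERBOSE_LIMIT, i.e. rules that will not log again until
# 'ipfw resetlog' (or 'ipfw zero') is run.

# Constructed sample of /var/log/security content. Real lines have this shape;
# the addresses, hostname ("bigdaddy") and interface ("fxp0") are invented.
# The "limit 3 reached on entry 65535" line is assumed to be the kernel's notice
# when a rule's log counter hits the verbose limit.
SAMPLE_LOG='Nov  2 10:12:54 bigdaddy kernel: ipfw: 65535 Deny TCP 192.0.2.10:40112 198.51.100.5:22 in via fxp0
Nov  2 10:12:55 bigdaddy kernel: ipfw: 65535 Deny TCP 192.0.2.10:40113 198.51.100.5:22 in via fxp0
Nov  2 10:12:56 bigdaddy kernel: ipfw: 65535 Deny UDP 192.0.2.77:53 198.51.100.5:1025 in via fxp0
Nov  2 10:12:56 bigdaddy kernel: ipfw: limit 3 reached on entry 65535
Nov  2 10:13:01 bigdaddy kernel: ipfw: 300 Deny ICMP:8.0 203.0.113.9 198.51.100.5 in via fxp0'

# deny_counts LOGTEXT
# Prints "<rule> <count>" for every rule that logged a Deny, sorted by rule number.
deny_counts() {
    printf '%s\n' "$1" | awk '
        /ipfw: [0-9]+ Deny / {
            # the rule number is the field right after the "ipfw:" token
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") { n[$(i+1)]++; break }
        }
        END { for (r in n) print r, n[r] }' | sort -n
}

# top_sources LOGTEXT
# Prints "<source-ip> <count>" for denied packets, most frequent first.
# Works for TCP/UDP ("a.b.c.d:port") and ICMP ("a.b.c.d") source fields.
top_sources() {
    printf '%s\n' "$1" | awk '
        /ipfw: [0-9]+ Deny / {
            for (i = 1; i <= NF; i++) if ($i == "Deny") {
                src = $(i+2)                 # field after the protocol
                sub(/:[0-9]+$/, "", src)     # drop ":port" when present
                s[src]++
                break
            }
        }
        END { for (h in s) print h, s[h] }' | sort -k2,2nr -k1,1
}

# suppressed_rules LOGTEXT VERBOSE_LIMIT
# Prints rule numbers whose logging has stopped: either the kernel reported
# "limit N reached on entry R", or the rule's Deny count has reached the
# verbose limit passed as $2 (3 in the original poster's kernel config).
suppressed_rules() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        /ipfw: [0-9]+ Deny / {
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") { n[$(i+1)]++; break }
        }
        /ipfw: limit [0-9]+ reached on entry [0-9]+/ { hit[$NF] = 1 }
        END {
            for (r in n) if (n[r] >= limit) hit[r] = 1
            for (r in hit) print r
        }' | sort -n
}

# Run against the constructed sample. On a real box you would feed it the live
# log and the live limit instead, e.g.:
#   suppressed_rules "$(cat /var/log/security)" "$(sysctl -n net.inet.ip.fw.verbose_limit)"
echo "Denies per rule:";       deny_counts "$SAMPLE_LOG"
echo "Denied sources:";        top_sources "$SAMPLE_LOG"
echo "Rules at the verbose limit (run 'ipfw resetlog' to resume logging):"
suppressed_rules "$SAMPLE_LOG" 3
```

With the poster's limit of 3, rule 65535 shows up as suppressed after only three packets, which is exactly the behaviour Drew describes; raising IPFIREWALL_VERBOSE_LIMIT (or the net.inet.ip.fw.verbose_limit sysctl) or running 'ipfw resetlog' periodically keeps the deny rule logging.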