From: "Drew Tomlinson"
To: "Zoran Kolic"
Delivered-To: freebsd-stable@freebsd.org
Date: Sun, 2 Nov 2003 10:12:54 -0800
Subject: Re: ipfw2 logging

----- Original Message -----
From: "Zoran Kolic"
Sent: Saturday, November 01, 2003 10:11 PM
Subject: ipfw2 logging

>
> Dear list!
> I have a little problem, trying
> to enable logging of deny rule.
> I have enabled it via kernel:
>
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=3

This seems to be a very small limit. Do you really intend to end logging of a rule after three matches?

> It is ipfw2. After that, my intention
> was to use syslogd and
>
> !ipfw
> *.* /var/log/ipfw.log
>
> and newsyslog with
>
> /var/log/ipfw.log 600 3 100 * J

On my system, none of this was necessary. By default, firewall messages are logged to /var/log/security. If you don't have this file, try using 'touch' to create it and then see if you get firewall messages.

> In rc.conf I have
>
> firewall_enable="YES"
> firewall_logging="YES"
>
> Well! Firewall works, I have data
> with "ipfw show", but there is no
> log. My intended rule is
>
> add 65535 deny log all from any to any

This rule will log all denied packets until the limit (in your case, 3 packets) is reached. Then logging will stop until counters are cleared with either 'zero' or 'resetlog'.

> It should work, but it does not.
> What am I doing wrong?
> With no syslogd and newsyslog, log
> would be in "messages" file in
> /var/log directory?

As I mention above, look for messages in /var/log/security.

Cheers,

Drew
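
The log-limit behaviour described in the reply above, as an added example that is not part of the original message: a small shell check that reads firewall log lines and reports which rules have gone silent because their limit was reached and not yet cleared. It assumes the usual ipfw kernel log wording ("ipfw: RULE Deny ..." and "ipfw: limit N reached on entry RULE"); the function names, host name and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the usual ipfw kernel log wording:
#   "ipfw: RULE Deny ..."  and  "ipfw: limit N reached on entry RULE".

# Print "RULE LIMIT" for every rule whose log limit is still exhausted
# at the end of the log read from stdin (or from the files given).
exhausted_rules() {
    awk '
    {
        for (i = 1; i < NF; i++) if ($i == "ipfw:") break
        if (i >= NF) next                      # not an ipfw line
        if ($(i+1) == "limit" && $(i+5) == "entry")
            hit[$(i+6)] = $(i+2)               # rule went silent here
        else if ($(i+1) ~ /^[0-9]+$/)
            delete hit[$(i+1)]                 # logged again: counter was reset
    }
    END { for (r in hit) print r, hit[r] }
    ' "$@" | sort -n
}

# Constructed sample log (documentation addresses, made-up host "gw").
sample_log() {
    cat <<'EOF'
Nov  2 10:00:00 gw newsyslog[123]: logfile turned over
Nov  2 10:01:01 gw kernel: ipfw: 65535 Deny TCP 192.0.2.10:4000 198.51.100.5:22 in via fxp0
Nov  2 10:01:02 gw kernel: ipfw: 65535 Deny TCP 192.0.2.10:4001 198.51.100.5:22 in via fxp0
Nov  2 10:01:03 gw kernel: ipfw: 65535 Deny TCP 192.0.2.10:4002 198.51.100.5:22 in via fxp0
Nov  2 10:01:03 gw kernel: ipfw: limit 3 reached on entry 65535
Nov  2 10:02:00 gw kernel: ipfw: 500 Deny UDP 192.0.2.20:53 198.51.100.5:53 in via fxp0
Nov  2 10:02:01 gw kernel: ipfw: 500 Deny UDP 192.0.2.20:54 198.51.100.5:53 in via fxp0
Nov  2 10:02:01 gw kernel: ipfw: limit 2 reached on entry 500
Nov  2 10:05:00 gw kernel: ipfw: 500 Deny UDP 192.0.2.20:55 198.51.100.5:53 in via fxp0
EOF
}

# Rule 500 logged again after its limit message, so only 65535 is reported.
sample_log | exhausted_rules | while read -r rule limit; do
    echo "rule $rule: logging stopped after $limit matches (ipfw resetlog $rule re-arms it)"
done
```

On a live system the function can be pointed at the log file directly, for example `exhausted_rules /var/log/security`.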