Date: Wed, 28 Apr 2004 09:34:01 +0200
From: Remko Lodder <remko@elvandar.org>
To: dave <dmehler26@woh.rr.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipmon logging as well
Message-ID: <408F5E69.1070309@elvandar.org>
In-Reply-To: <000201c42cd7$32100d00$0200a8c0@satellite>
References: <20040427165617.736E016A4EB@hub.freebsd.org> <Pine.LNX.4.56.0404271548360.6243@Mira.dandy.net> <408EC09C.3010407@elvandar.org> <Pine.LNX.4.56.0404271625500.16311@Mira.dandy.net> <408EC59D.3070503@elvandar.org> <000201c42cd7$32100d00$0200a8c0@satellite>
Hey dave,

> does not run ipnat just ipfilter and ipmon. I've got:

This has to be in rc.conf for ipnat:

ipnat_enable="NO"              # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"    # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_flags=""                 # additional flags for ipnat

> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> compiled into my kernel. And in rc.conf:
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="" (Note, I thought this one was supposed to resolve a problem
> of a duplicate ipfilter startup message, about already being initialized?)
> ipmon_enable="YES"
> ipmon_flags="-D /var/log/ipf.log"
> In the /etc/rc.d/ipfilter script I added ipmon to the end of the REQUIRE:
> line and in the ipmon script I added ipfilter. On boot I get a message that
> says enabling ipfilter, default = block all, logging = enabled. A little
> later I get the message:

I think that you need to place ipfilter in the ipmon /etc/rc.d file, and
not ipmon in the ipfilter file. Why? Since it gets started twice now, imho.
Could you try that?

> Enabling ipfilter
> ioctl(SIOCIPFL6):Invalid argument
> and it does not work.
> Suggestions welcome, also when I get this working I'd like for newsyslog
> to rotate this log file, but the last time I tried this newsyslog rotated
> the file yet kept the original pointer open and kept logging to the old
> file.

You should add -U:

"U indicates that the file specified by path_to_pid_file will contain the
id for a process group, instead of a process. This option also requires
that the first line in that file must be a negative value, to distinguish
it from a value for a process id."

For example:

/var/log/ipfilter.log 640 7 * @T00 U /path/to/pidfile

(I used /var/log/maillog as example.)

> Thanks.
> Dave.

No problem,

Cheers!
-- 
Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl
Dutch community for helping newcomers on the hackerscene
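The newsyslog.conf(5) requirement quoted in the reply above (a U-flag entry must point at a pid file whose first line is a negative process-group id) is easy to get wrong, since most daemons write a plain positive pid. The following sh check is an added example, not part of the thread or of FreeBSD; the function name check_newsyslog_entry and the two sample pid files under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate one newsyslog.conf entry that uses the U flag.
# newsyslog.conf(5) field order: logfile [owner:group] mode count size when flags [pidfile] [sig]

# Constructed sample pid files (hypothetical paths under a temp dir).
TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT
printf '%s\n' '-1234' > "$TMPD/pgid_ok"    # negative value = process group, valid for U
printf '%s\n' '1234'  > "$TMPD/pgid_bad"   # plain pid, not valid for U

# check_newsyslog_entry LINE
# Returns 0 when the entry is consistent, 1 (with a reason on stdout) otherwise.
check_newsyslog_entry() {
    set -f                      # no globbing: the size field is often '*'
    set -- $1
    set +f
    case "$2" in *:*) shift ;; esac   # skip the optional owner:group field
    logfile=$1 mode=$2 count=$3 size=$4 when=$5 flags=$6 pidfile=$7
    case "$flags" in
        *U*)
            [ -n "$pidfile" ] || { echo "$logfile: U flag but no pid file"; return 1; }
            [ -r "$pidfile" ] || { echo "$logfile: $pidfile is unreadable"; return 1; }
            first=$(head -n 1 "$pidfile")
            case "$first" in
                -[0-9]*) return 0 ;;
                *) echo "$logfile: first line of $pidfile is '$first', not a negative pgid"
                   return 1 ;;
            esac ;;
        *) return 0 ;;          # no U flag: nothing to check here
    esac
}

# Demonstration on the constructed files.
if check_newsyslog_entry "/var/log/ipfilter.log 640 7 * @T00 U $TMPD/pgid_ok"; then
    echo "pgid_ok entry accepted"
fi
if check_newsyslog_entry "/var/log/ipfilter.log 640 7 * @T00 U $TMPD/pgid_bad"; then
    echo "unexpected: pgid_bad entry accepted"
else
    echo "pgid_bad entry rejected as expected"
fi
```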