Message-ID: <408F5E69.1070309@elvandar.org>
Date: Wed, 28 Apr 2004 09:34:01 +0200
From: Remko Lodder
To: dave
cc: freebsd-questions@freebsd.org
Subject: Re: ipmon logging as well

Hey dave,

> does not run ipnat just ipfilter and ipmon. I've got:

This has to be in rc.conf for ipnat:

ipnat_enable="NO"               # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"     # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat

> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> compiled in to my kernel. And in rc.conf:
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags="" (Note, I thought this one was supposed to resolve a problem
> of a duplicate ipfilter startup message, about already being initialized?)
> ipmon_enable="YES"
> ipmon_flags="-D /var/log/ipf.log"
> In the /etc/rc.d/ipfilter script I added ipmon to the end of the require:
> line and in the ipmon script I added ipfilter. On boot I get a message that
> says enabling ipfilter, default = block all, logging = enabled. A little
> later I get the message:

I think that you need to place ipfilter in the ipmon /etc/rc.d file, and
not ipmon in the ipfilter file. Why? Since it gets started twice now, imho.
Could you try that?

> Enabling ipfilter
> ioctl(SIOCIPFL6):Invalid argument
> and it does not work.
> Suggestions welcome, also when I get this working I'd like for newsyslog
> to rotate this log file, but the last time I tried this newsyslog rotated
> the file yet kept the original pointer open and kept logging to the old
> file.

You should add -U

"U indicates that the file specified by path_to_pid_file will contain the
id for a process group, instead of a process. This option also requires
that the first line in that file must be a negative value, to distinguish
it from a value for a process id."

for example:

/var/log/ipfilter.log    640  7    *    @T00  U  /path/to/pidfile

(I used /var/log/maillog as example).

> Thanks.
> Dave.

No problem, Cheers!

-- 
Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene