From owner-freebsd-questions Wed Sep 25 17:15:18 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 82CE637B401 for ; Wed, 25 Sep 2002 17:15:17 -0700 (PDT) Received: from rhymer.cogsci.ed.ac.uk (rhymer.cogsci.ed.ac.uk [129.215.144.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5893243E42 for ; Wed, 25 Sep 2002 17:15:16 -0700 (PDT) (envelope-from richard@cogsci.ed.ac.uk) Received: from sorley.cogsci.ed.ac.uk (sorley [129.215.144.53]) by rhymer.cogsci.ed.ac.uk (8.9.3/8.9.3) with ESMTP id BAA19611; Thu, 26 Sep 2002 01:15:14 +0100 (BST) Received: (from richard@localhost) by sorley.cogsci.ed.ac.uk (8.9.3+Sun/8.9.3) id BAA16096; Thu, 26 Sep 2002 01:15:14 +0100 (BST) Date: Thu, 26 Sep 2002 01:15:14 +0100 (BST) Message-Id: <200209260015.BAA16096@sorley.cogsci.ed.ac.uk> From: Richard Tobin Subject: Re: A cool IPF firewall trick To: BSD Freak , FreeBSD Questions In-Reply-To: BSD Freak's message of Thu, 26 Sep 2002 09:56:26 +1000 Organization: just say no Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > I run several FreeBSD/IPF based firewalls. I would really like to get > some sort of basic visual representation as to what the firewall is > doing without actually logging in and tailing logs. My idea is to have > the HDD LED (red) light up when IPF blocks packets with an ipf block > rule and the power LED (green) light up when traffic is passed with an > ipf pass rule. You could have rules to send the packets to divert sockets (as is done for NAT), and write a program to respond to them. See divert(4) and natd(8). It would be easier to use the keyboard leds (KDSETLED ioctl) than the disk and power leds, I think. -- Richard To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message