From owner-freebsd-questions  Sun May 17 15:21:00 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA01434
          for freebsd-questions-outgoing; Sun, 17 May 1998 15:21:00 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA01340
          for <freebsd-questions@FreeBSD.ORG>; Sun, 17 May 1998 15:20:29 -0700 (PDT)
          (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.8/8.8.8) with ESMTP id WAA13920;
	Sun, 17 May 1998 22:35:59 +0100 (BST)
	(envelope-from kpielorz@tdx.co.uk)
Message-ID: <355F583C.9FF500F1@tdx.co.uk>
Date: Sun, 17 May 1998 22:35:56 +0100
From: Karl Pielorz <kpielorz@tdx.co.uk>
Organization: TDX
X-Mailer: Mozilla 4.05 [en] (WinNT; I)
MIME-Version: 1.0
To: Charlie Root <root@ftp1.mfn.org>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: Possible bug in IPFW
References: <199805171900.OAA07502@ftp1.mfn.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Charlie Root wrote:

> About half way through the "23 series" of scans (which would make it
> about 750 connections attempted, it ceased logging (forever!) with the
> following message:
> 
> May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP x.x.x.x:1065 me.me.me.me:23 in via de3
> 
> I have checked for disk space, which AFAIK has never exceeded 50% usage on any
> slice, and sure enough, the top user of space was at a mere 45%.  /var is at 3%.
> 
> Except for the fact that it is no longer logging, it appears to be ok: cron

There is a limit you set in your kernel config for how many events to log on
IPFW...

If you look in your kernel config you'll probably have a line like:


options		"IPFIREWALL_VERBOSE_LIMIT=100"


If you change the '100' (or whatever it is in your case) either to a higehr
number, or '0' (which means always log) it should work OK...

I use '0' here on all our machines (remembering to clear down the log file
on a regular basis) and I've not noticed any problems...


Regards,

Karl Pielorz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message