Date: Fri, 16 Apr 2004 12:51:31 -0500
From: Ben Beuchler <insyte@emt-p.org>
To: freebsd-questions@freebsd.org
Subject: Identifying traffic logged by ipfw
Message-ID: <20040416175131.GA31191@emt-p.org>

I'm working on a new bridging firewall using ipfw on FBSD 5.1. The goal is to default to closed with a few exceptions. To test my ruleset, I end with this rule:

    add 420 allow log ip from any to any

The idea is that by watching the logs I could see what protocols I forgot to create rules for. This is what I'm getting in the logs:

    Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2

I'm guessing this means it's matching non-ip traffic, but I couldn't find any info to confirm this. Is there any sort of trick I could use to log the entire packet? Since nothing about the source or destination was logged, I don't have enough info to create a tcpdump filter. Perhaps some sort of divert rule?

Thanks!

-Ben

--
Ben Beuchler                          There is no spoon.
insyte@emt-p.org                      -- The Matrix