From owner-freebsd-questions@FreeBSD.ORG Fri Apr 16 10:51:33 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 522AD16A4CE for ; Fri, 16 Apr 2004 10:51:33 -0700 (PDT)
Received: from mazer.squad51.net (mazer.squad51.net [199.199.210.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB8F843D1D for ; Fri, 16 Apr 2004 10:51:32 -0700 (PDT) (envelope-from insyte@emt-p.org)
Received: from localhost (localhost [127.0.0.1]) (uid 1000) by mazer.squad51.net with local; Fri, 16 Apr 2004 12:51:31 -0500
Date: Fri, 16 Apr 2004 12:51:31 -0500
From: Ben Beuchler
To: freebsd-questions@freebsd.org
Message-ID: <20040416175131.GA31191@emt-p.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
User-Agent: Mutt/1.5.6i
Subject: Identifying traffic logged by ipfw
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Fri, 16 Apr 2004 17:51:33 -0000

I'm working on a new bridging firewall using ipfw on FBSD 5.1. The goal is to default to closed with a few exceptions. To test my ruleset, I end with this rule:

    add 420 allow log ip from any to any

The idea is that by watching the logs I could see what protocols I forgot to create rules for. This is what I'm getting in the logs:

    Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2

I'm guessing this means it's matching non-IP traffic, but I couldn't find any info to confirm this.

Is there any sort of trick I could use to log the entire packet? Since nothing about the source or destination was logged, I don't have enough info to create a tcpdump filter. Perhaps some sort of divert rule?

Thanks!

-Ben

-- 
Ben Beuchler                                    There is no spoon.
insyte@emt-p.org                                    -- The Matrix
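The post's approach (a logging catch-all rule, then reading the log to find what still needs a rule) is easy to automate. The following is an added example, not code from the original message or from FreeBSD: it parses ipfw syslog entries, groups the hits on the catch-all rule by protocol and destination port, counts the "MAC" entries separately per interface, and builds the tcpdump capture command that picks up the frames ipfw could not describe. The sample log lines are constructed for the example (only the first reproduces the line from the post); the field layouts for TCP/UDP, ICMP and other IP protocols follow the ipfw(8) log style of that era but are an assumption here, as is the reading of "MAC" as "no IPv4 header found", which is why the suggested capture filter is `not ip`.

```python
import re
from collections import Counter

# Constructed sample log in the style of ipfw's syslog output on FreeBSD 5.x.
# Only the first line is from the original post; the rest are made up.
SAMPLE_LOG = """\
Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2
Apr 16 16:43:41 bfw kernel: ipfw: 100 Accept TCP 10.0.0.5:3451 192.168.1.10:22 in via em2
Apr 16 16:43:42 bfw kernel: ipfw: 420 Accept UDP 10.0.0.5:137 10.0.0.255:137 in via em2
Apr 16 16:43:43 bfw kernel: ipfw: 420 Accept ICMP:8.0 10.0.0.5 192.168.1.1 in via em2
Apr 16 16:43:44 bfw kernel: ipfw: 420 Accept P:47 10.0.0.5 192.168.1.1 out via em3
Apr 16 16:43:45 bfw kernel: ipfw: 420 Accept MAC in via em3
Apr 16 16:43:46 bfw kernel: ipfw: 420 Accept UDP 10.0.0.7:1234 10.0.0.255:137 in via em2
"""

# rule number, action, protocol-specific fields, direction, interface
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<rest>.*?) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)


def parse_line(line):
    """Return a dict describing one ipfw log entry, or None if the line is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = {
        "rule": int(m.group("rule")),
        "action": m.group("action"),
        "direction": m.group("direction"),
        "iface": m.group("iface"),
        "proto": None, "src": None, "dst": None, "sport": None, "dport": None,
    }
    fields = m.group("rest").split()
    proto = fields[0]
    if proto == "MAC":
        # Layer-2 entry: ipfw printed no IP header fields at all.
        entry["proto"] = "MAC"
        return entry
    if proto in ("TCP", "UDP"):
        # "TCP 10.0.0.5:3451 192.168.1.10:22" -> addr:port pairs
        src, sport = fields[1].rsplit(":", 1)
        dst, dport = fields[2].rsplit(":", 1)
        entry.update(proto=proto, src=src, dst=dst, sport=int(sport), dport=int(dport))
    else:
        # "ICMP:type.code" or "P:<ip-proto-number>" followed by bare addresses
        entry.update(proto=proto, src=fields[1], dst=fields[2])
    return entry


def summarize(log_text, catchall_rule):
    """Group hits on the catch-all rule by what a dedicated rule would need to match.

    Returns {"l3": Counter[(proto, dport)], "mac": Counter[iface]}; dport is
    None for protocols without ports, so ICMP and raw IP protocols group by
    protocol string only.
    """
    l3_hits = Counter()
    mac_hits = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["rule"] != catchall_rule:
            continue
        if e["proto"] == "MAC":
            mac_hits[e["iface"]] += 1
        else:
            l3_hits[(e["proto"], e["dport"])] += 1
    return {"l3": l3_hits, "mac": mac_hits}


def tcpdump_command(iface):
    """Capture command for the frames ipfw logged only as 'MAC' on this interface.

    Assumption: 'MAC' means ipfw found no IPv4 header, so 'not ip' selects
    exactly those frames; -e prints the link-layer header so the ethertype
    and MAC addresses become visible, which the ipfw log line does not show.
    """
    return f"tcpdump -n -e -i {iface} not ip"


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, 420)
    for (proto, dport), n in sorted(report["l3"].items(), key=lambda kv: -kv[1]):
        port = f" dst-port {dport}" if dport is not None else ""
        print(f"{n:4d}  {proto}{port}")
    for iface, n in report["mac"].items():
        print(f"{n:4d}  non-IP frames on {iface}: run  {tcpdump_command(iface)}")
```

Run it against the real log with `summarize(open("/var/log/security").read(), 420)`; each row of the `l3` table is a candidate for a specific rule placed before the catch-all, and the `mac` rows tell you which interfaces to point tcpdump at to see what the layer-2 entries actually are.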