From owner-freebsd-questions  Wed Jan 16  6:59:13 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from rush.telenordia.se (mail.telenordia.se [194.213.64.42])
	by hub.freebsd.org (Postfix) with SMTP id 4CF3637B404
	for <freebsd-questions@freebsd.org>; Wed, 16 Jan 2002 06:59:06 -0800 (PST)
Received: (qmail 29161 invoked from network); 16 Jan 2002 15:59:04 +0100
Received: from bb-62-5-36-29.bb.tninet.se (HELO there) (62.5.36.29)
  by mail.telenordia.se with SMTP; 16 Jan 2002 15:59:04 +0100
Content-Type: text/plain;
  charset="iso-8859-1"
From: Mark Rowlands <fuc952d@tninet.se>
To: freebsd-questions@freebsd.org
Subject: ipmon stopped logging.
Date: Wed, 16 Jan 2002 15:59:06 +0100
X-Mailer: KMail [version 1.3.2]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20020116145906.4CF3637B404@hub.freebsd.org>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

been running ipmon / ipfilter for a while quite happily when.....one fine day 
it stopped logging.

kernel options

options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         IPFILTER_DEFAULT_BLOCK

dmesg
IP Filter: v3.4.20 initialized.  Default = block all, Logging = enabled

some sample ipfilter rules from ipfstat 

@7 block in log quick on xl1 proto tcp from any to any flags FPU/FSRPAUC
@8 block in log quick on xl1 from any to any with frag
@9 block in log quick on xl1 from any to 224.0.0.0/3
@10 block in log quick on xl1 from 169.254.0.0/16 to any
@11 block in log quick on xl1 from 192.168.0.0/16 to any
@12 block in log quick on xl1 from 10.0.0.0/8 to any
@13 block in log quick on xl1 from any to 62.5.39.0/32
@14 block in log quick on xl1 from any to 62.5.39.255/32
@15 block in log quick on xl1 from any to 255.255.255.0/24
@16 block return-rst in log quick on xl1 proto tcp from any to any

(this is not my normal config,  I added the logging on these rules to ensure 
that there would definitely be something to log) 

syslog.conf

local0.*        -/var/log/firewall_logs

ls -al /var/log/fire*
-rw-r--r--   1 root      wheel        0 Jan 16 12:48 firewall_logs

and ipmon runs as ipmon -Dsv

uname :-
FreeBSD pcmarpxy 4.5-RC FreeBSD 4.5-RC #0: Tue Jan 15 21:51:55 CET 2002

This was working quite happily and no, I can' t  specifically remember 
changing anything that might stop it from working.

Any suggestions as where the problem might lie?



-- 
Swap read error.  You lose your mind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message