From owner-freebsd-questions Fri May 29 22:32:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA23210 for freebsd-questions-outgoing; Fri, 29 May 1998 22:32:52 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from nwalme.pair.com (nwalme.pair.com [209.68.1.123]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA23185 for ; Fri, 29 May 1998 22:32:36 -0700 (PDT) (envelope-from dima@nwalme.pair.com) Received: (from dima@localhost) by nwalme.pair.com (8.9.0/8.6.12) id BAA09236; Sat, 30 May 1998 01:32:31 -0400 (EDT) Message-Id: <199805300532.BAA09236@nwalme.pair.com> X-Envelope-To: freebsd-questions@FreeBSD.ORG Subject: Re: Firewall question.... To: wwoods@cybcon.com (William Woods) Date: Sat, 30 May 1998 01:32:31 -0400 (EDT) Cc: freebsd-questions@FreeBSD.ORG In-Reply-To: <356F829A.682A32B2@cybcon.com> from William Woods at "May 29, 98 08:52:58 pm" From: Dima Dorfman X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I don't know about /var/log/messages, but it could log to the console (/dev/console). This is done on a per-rule basis. For example, if you have a rule such as: ipfw add 1 deny udp from any to any replace it with iprw add 1 deny log udp from any to any Since thousands of packets pass throught your system (maybe), it will build it quickly. You need to add the following line to your kernel config file: IPFIREWALL_VERBOSE_LIMIT=nnn (replacing nnn with a maximum number of logs before it stops), and rebuild your kernel. Hope this helps :-) > OK, got my firewall up and doing what I want, question though, I would > like to SEE what is blocked and where it is comming from. I have a tail > -f /var/log/messages running in a consol at all times, so is there > anyway to get the firewaill to log all denys on /var/log/messages/? > > -- > William - wwoods@cybcon.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Dima Dorfman (dima@zwb.net) "640k ought to be enough for anybody." - Bill Gates, 1981 Micro$oft Sucks! FreeBSD Rules! http://www.freebsd.org/ Finger dima@zwb.net for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message