Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Apr 2001 12:31:20 -0700
From:      Sean Chittenden <sean-freebsd-ipfw@chittenden.org>
To:        michal.kutnohorsky@asp1000.com
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw logging isnt enable during booting
Message-ID:  <20010407123120.B85113@rand.tgd.net>
In-Reply-To: <381F2A6B1CC4C449B19CA48BA7A2A87B0E1DB8@server.asp1000.cz>; from "michal.kutnohorsky@asp1000.com" on Fri, Apr 06, 2001 at = 11:38:03AM
References:  <381F2A6B1CC4C449B19CA48BA7A2A87B0E1DB8@server.asp1000.cz>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
> after rebooting system i found this in dmesg
> ip packet filtering initialized, divert enabled, rule-base forwarding
> disabled, defalut to deny, logging disabled.
> 
> and on console it wrote error message: "ipfw_ctl bad command" - or somethig
> like this

	Hmm.... sounds like a type-o in your /etc/rc.firewall.

> firwall is working natd too
> 
> but as you can see logging is disabled but shoud be enable if the kernel is
> recompiled with IPFIREWALL_VERBOSE

options         IPFIREWALL              # firewall
options         IPFIREWALL_VERBOSE      # print info about dropped packets
options         IPFIREWALL_VERBOSE_LIMIT=1000

> when i enable logging by command net.inet.ip.fw.verbose=1 its working
> 
> should i use some patch or its fault of configuration?

	Configuration.  Here are some entries out of
/etc/defaults/rc.conf.  Try firewall_logging="YES" and rebooting.

### Basic network and firewall/security options: ###
firewall_enable="NO"            # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN"         # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO"             # Set to YES to suppress rule display
firewall_logging="NO"           # Set to YES to enable events logging
firewall_flags=""               # Flags passed to ipfw when type is a file

-- 
Sean Chittenden

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Comment: Sean Chittenden <sean@chittenden.org>

iEYEARECAAYFAjrPawgACgkQn09c7x7d+q2yTwCfXk9OCkD16ZeysBkzm08UYVS4
KpQAn2h6XOPPZEA4ubSPFCYZDi1rFiiT
=gpfT
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010407123120.B85113>