From owner-freebsd-ipfw  Sat Apr  7 12:31:27 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mail.tgd.net (rand.tgd.net [64.81.67.117])
	by hub.freebsd.org (Postfix) with SMTP id E5D8E37B424
	for <freebsd-ipfw@freebsd.org>; Sat,  7 Apr 2001 12:31:24 -0700 (PDT)
	(envelope-from sean@mailhost.tgd.net)
Received: (qmail 18962 invoked by uid 1001); 7 Apr 2001 19:31:20 -0000
Date: Sat, 7 Apr 2001 12:31:20 -0700
From: Sean Chittenden <sean-freebsd-ipfw@chittenden.org>
To: michal.kutnohorsky@asp1000.com
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw logging isnt enable during booting
Message-ID: <20010407123120.B85113@rand.tgd.net>
References: <381F2A6B1CC4C449B19CA48BA7A2A87B0E1DB8@server.asp1000.cz>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="m51xatjYGsM+13rf"
Content-Disposition: inline
In-Reply-To: <381F2A6B1CC4C449B19CA48BA7A2A87B0E1DB8@server.asp1000.cz>; from "michal.kutnohorsky@asp1000.com" on Fri, Apr 06, 2001 at = 11:38:03AM
X-PGP-Key: 0x1EDDFAAD
X-PGP-Fingerprint: C665 A17F 9A56 286C 5CFB 1DEA 9F4F 5CEF 1EDD FAAD
X-Web-Homepage: http://sean.chittenden.org/
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--m51xatjYGsM+13rf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> after rebooting system i found this in dmesg
> ip packet filtering initialized, divert enabled, rule-base forwarding
> disabled, defalut to deny, logging disabled.
>=20
> and on console it wrote error message: "ipfw_ctl bad command" - or someth=
ig
> like this

	Hmm.... sounds like a type-o in your /etc/rc.firewall.

> firwall is working natd too
>=20
> but as you can see logging is disabled but shoud be enable if the kernel =
is
> recompiled with IPFIREWALL_VERBOSE

options         IPFIREWALL              # firewall
options         IPFIREWALL_VERBOSE      # print info about dropped packets
options         IPFIREWALL_VERBOSE_LIMIT=3D1000

> when i enable logging by command net.inet.ip.fw.verbose=3D1 its working
>=20
> should i use some patch or its fault of configuration?

	Configuration.  Here are some entries out of
/etc/defaults/rc.conf.  Try firewall_logging=3D"YES" and rebooting.

### Basic network and firewall/security options: ###
firewall_enable=3D"NO"            # Set to YES to enable firewall functiona=
lity
firewall_script=3D"/etc/rc.firewall" # Which script to run to set up the fi=
rewall
firewall_type=3D"UNKNOWN"         # Firewall type (see /etc/rc.firewall)
firewall_quiet=3D"NO"             # Set to YES to suppress rule display
firewall_logging=3D"NO"           # Set to YES to enable events logging
firewall_flags=3D""               # Flags passed to ipfw when type is a file

--=20
Sean Chittenden

--m51xatjYGsM+13rf
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Comment: Sean Chittenden <sean@chittenden.org>

iEYEARECAAYFAjrPawgACgkQn09c7x7d+q2yTwCfXk9OCkD16ZeysBkzm08UYVS4
KpQAn2h6XOPPZEA4ubSPFCYZDi1rFiiT
=gpfT
-----END PGP SIGNATURE-----

--m51xatjYGsM+13rf--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message