Date: Tue, 24 Oct 2006 13:05:12 -0700 From: Julian Elischer <julian@elischer.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: freebsd-ipfw@freebsd.org, Oleg Bulyzhin <oleg@freebsd.org>, Luigi Rizzo <rizzo@icir.org> Subject: Re: ipfw tracing Message-ID: <453E71F8.7020809@elischer.org> In-Reply-To: <453DF0A7.6030700@yandex.ru> References: <453DF0A7.6030700@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrey V. Elsukov wrote: > Hi, All! > > I've make a small patch that add a rule action > tracing feature to ipfw2. > > http://butcher.heavennet.ru/patches/kernel/ipfw_trace/ > > This patch can be usefull when you have too many > ipfw-rules. When some packets not pass ipfw - It is not > easy to determine rule which block these packets. > > How to use: > > # ipfw add 1 count tag <SOME_TAG> <RULE_BODY> > # sysctl net.inet.ip.fw.trace_tag=<SOME_TAG> > # tail -f /var/log/security > > <SOME_TAG> - some tag number > <RULE_BODY> - rule for matching needed packets > > What you think about that? > Can you show some sample usage and output?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?453E71F8.7020809>