Date:      Mon, 5 May 2003 14:43:28 +0200
From:      "Barry Irwin" <bvi@itouchlabs.com>
To:        "Mark Bojara" <mark@mics.co.za>, <freebsd-isp@freebsd.org>
Subject:   Re: default to deny rule
Message-ID:  <01bc01c31303$fa4680e0$4508a8c0@Beastie>
References:  <20030505142730.A322-100000@opium.co.za>

The easiest is to put in a rule just before it, say 653500 deny log
logamount <x> ip from any to any

You could even break it down to log against separate rule numbers for tcp,
udp, icmp, etc. with a catchall at the end.

Barry


--
Barry Irwin         bvi@itouchlabs.com         Tel: +27214875178
Systems Administrator: Networks And Security
iTouch Technology
iTouch TAS      http://www.itouchlabs.com         Mobile: +27824457210


----- Original Message -----
From: "Mark Bojara" <mark@mics.co.za>
To: <freebsd-isp@freebsd.org>
Sent: Monday, May 05, 2003 2:28 PM
Subject: default to deny rule


> Hello All,
>
> I have set up a default to deny ipfw rule and I would like that rule to log
> all denied packets as well. Eg change it to: "65535 deny log ip from any to
> any"
>
> How would I do this?
>
> Regards
> Mark Bojara
>
> ----------------------------------------------------------------
> A life lived in fear is half a life lived.
> ----------------------------------------------------------------
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
>
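
The per-protocol logged deny rules suggested in the reply, as an added example that is not part of the original thread. The function name `deny_log_rules`, the base rule number 65500 and the `logamount` of 100 are constructed for illustration; the script only prints the `ipfw` commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit ipfw commands for per-protocol logged deny rules placed
# just ahead of the built-in default rule 65535. Rule numbers and the
# logamount value are constructed for illustration.

# deny_log_rules BASE LOGAMOUNT
# Prints one "ipfw add" command per protocol, then a catch-all, numbered
# BASE, BASE+10, ... so each protocol's hits show under its own rule number.
deny_log_rules() {
    base=$1
    amount=$2
    # Highest usable number is 65534; 65535 is the fixed default rule.
    last=$((base + 30))
    if [ "$last" -gt 65534 ]; then
        echo "deny_log_rules: rule $last would exceed 65534" >&2
        return 1
    fi
    n=$base
    for proto in tcp udp icmp; do
        echo "ipfw add $n deny log logamount $amount $proto from any to any"
        n=$((n + 10))
    done
    # Catch-all for everything that is not tcp, udp or icmp.
    echo "ipfw add $n deny log logamount $amount ip from any to any"
}

# Review the output, then pipe it to sh as root on the firewall host.
# Logging also needs net.inet.ip.fw.verbose=1 (sysctl) to reach syslog.
deny_log_rules 65500 100
```

With separate rule numbers, `ipfw show` gives a per-protocol packet count for denied traffic, and each syslog line carries the rule number that matched.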



