Date: Wed, 26 Jul 2000 00:01:59 -0500 From: Stephen Montgomery-Smith <stephen@math.missouri.edu> To: freebsd-security@FreeBSD.ORG Subject: Re: log with dynamic firewall rules Message-ID: <397E70C7.76EDB004@math.missouri.edu> References: <397E1E25.FE8731E7@math.missouri.edu> <397E4487.A868B713@math.missouri.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Well, it seems that people would like to leave the logging behaviour of keep-state rules like it is. People could use ipf - I know nothing about that as I have not read the man page yet. For ipfw, I realise now that it would be rather easy to have two kinds of logging for keep-state rules - one which keeps logging every packet that comes through, and one which only logs when a new dynamic rule is created. All the help manuals on natd point one to ipfw, and really it is quite easy to use. I did not find out about ipf until I see you guys talking about it. I think this kind of extra functionality in ipfw would be very helpful. Really, the only question is which syntax to use. Maybe we should keep add pass log from xxx to yyy keep-state to do what it does now. We could have a new keyword: keep-state-log add pass log from xxx to yyy keep-state-log would be like keep-state plus logging when a new dynamic rule is created. Or this could be indicated by add pass log-new-state from xxx to yyy keep-state The first of these options (the keep-state-log) is really easy to program. And in a way it makes more sense, since it is really the keep state we are logging, not that pass that we are logging. Or maybe it should be written: add pass log from xxx to yyy keep-state log yes that seems the best way. -- Stephen Montgomery-Smith Department of Mathematics, University of Missouri, Columbia, MO 65211 Phone 573-882-4540, fax 573-882-1869 http://www.math.missouri.edu/~stephen stephen@math.missouri.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?397E70C7.76EDB004>