Date:      Mon, 21 Mar 2016 17:31:13 +0100
From:      Wout Decré <wout@canodus.be>
To:        Chris Jordan <cwjordandt@gmail.com>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: Handbook section 29.4.1 Enabling IPFW
Message-ID:  <1458577873.3661.20.camel@canodus.be>
In-Reply-To: <CAPOquS8BoY5T_a6Nd0Opg-wQ-QoNV=UCBKySbmWAPLto3NiojQ@mail.gmail.com>
References:  <CAPOquS8BoY5T_a6Nd0Opg-wQ-QoNV=UCBKySbmWAPLto3NiojQ@mail.gmail.com>

On Mon, 2016-03-21 at 11:38 -0400, Chris Jordan wrote:
> I'm coming back to FreeBSD after many years away and I am setting up a new
> system with 10-2-release.
> 
> I was reading through Handbook section 29.4.1 "Enabling IPFW" and it says:
> "To enable logging, include this line in
> /etc/rc.conf: firewall_logging="YES"".  That didn't seem to work for me, so
> I went looking through /etc/rc.firewall, and found it's looking for a line
> like "firewall_logdeny="YES"" instead, but it's only checking for that for
> the case where firewall_type="workstation".

IPFW logging is enabled in /etc/rc.d/ipfw:

if checkyesno firewall_logging; then
  echo 'Firewall logging enabled.'
  sysctl net.inet.ip.fw.verbose=1 >/dev/null
fi

Should work putting firewall_logging="YES" in rc.conf. By default, logs
are written to /var/log/security.

> 
> That works fine, but it's not documented in either the handbook page or the
> rc.conf(5) man page.  Before I submit a problem report, I wanted to check
> here if I'm missing something (maybe it's a deprecated option or
> something?).
> 
> Chris Jordan
> cwjordandt@gmail.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1458577873.3661.20.camel>
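
The check described in the reply above, as an added example that is not part of the original message or of FreeBSD's rc scripts: it reads an rc.conf-style file with the same YES/TRUE/ON/1 test that checkyesno applies and reports whether IPFW logging is configured, then shows the live net.inet.ip.fw.verbose value where that sysctl exists. The function names (is_yes, rc_get, configured_state, live_verbose) and the sample rc.conf are constructed for illustration, and the file is parsed line by line rather than sourced, so shell expansions inside values are not evaluated.

```shell
#!/bin/sh
# Added example (not from /etc/rc.d/ipfw): report the IPFW logging state an
# rc.conf-style file asks for, and show the live sysctl value on FreeBSD.

# Same value test as rc.subr's checkyesno: YES/TRUE/ON/1, case-insensitive.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Last uncommented assignment of variable $2 in file $1 (later lines win).
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Configured state: ipfw-disabled, logging-off or logging-on.
configured_state() {
    is_yes "$(rc_get "$1" firewall_enable)" || { echo ipfw-disabled; return 0; }
    is_yes "$(rc_get "$1" firewall_logging)" || { echo logging-off; return 0; }
    echo logging-on
}

# Live state: value of net.inet.ip.fw.verbose, or "unknown" where it is absent.
live_verbose() {
    sysctl -n net.inet.ip.fw.verbose 2>/dev/null || echo unknown
}

# Constructed sample rc.conf: the early "NO" is overridden by the later "yes".
sample=$(mktemp)
cat >"$sample" <<'EOF'
firewall_enable="YES"
firewall_type="workstation"
firewall_logging="NO"
#firewall_logging="off"
firewall_logging="yes"   # enabled after reading the thread
EOF
echo "configured: $(configured_state "$sample")"
echo "live net.inet.ip.fw.verbose: $(live_verbose)"
rm -f "$sample"
```

A configured state of logging-on together with a live value of 0 means the setting has not been applied to the running system yet.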