From owner-freebsd-isp@FreeBSD.ORG  Sat May  6 13:19:56 2006
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1E22A16A400
	for <freebsd-isp@freebsd.org>; Sat,  6 May 2006 13:19:56 +0000 (UTC)
	(envelope-from shulik_freebsd@matrixhome.net)
Received: from mail.donec.net (ns.donec.net [193.108.38.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8E28D43D46
	for <freebsd-isp@freebsd.org>; Sat,  6 May 2006 13:19:55 +0000 (GMT)
	(envelope-from shulik_freebsd@matrixhome.net)
Received: from [193.108.38.5] (unknown [193.108.38.5])
	by mail.donec.net (Postfix) with ESMTP
	id 98431186C05; Sat,  6 May 2006 16:19:02 +0300 (EEST)
Message-ID: <445CA23C.3010306@matrixhome.net>
Date: Sat, 06 May 2006 16:18:52 +0300
From: Alexander <shulik_freebsd@matrixhome.net>
User-Agent: Thunderbird 1.5.0.2 (X11/20060426)
MIME-Version: 1.0
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-isp@freebsd.org
References: <445C50A0.2070709@matrixhome.net>
	<20060506073907.O54242@maildrop.int.zabbadoz.net>
	<445C6ACB.6020502@matrixhome.net>
	<20060506103551.S54242@maildrop.int.zabbadoz.net>
In-Reply-To: <20060506103551.S54242@maildrop.int.zabbadoz.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Re: IPFW and syslog
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 May 2006 13:19:56 -0000

So, I also try ipfw add 99 deny ip from any to any, but got the same
trouble...

Bjoern A. Zeeb wrote:
> On Sat, 6 May 2006, Alexander wrote:
>
>> Bjoern A. Zeeb wrote:
>>> On Sat, 6 May 2006, Alexander wrote:
>>>
>>>> Default rule is deny.
>>>> Some packets is registered under default rule, but I can't find
>>>> documentation - how log to syslog packets, that denied in default
>>>> rules.
>>>
>>> Add the same rule with rule number - 1 and add log statement.
>>>
>> Gmmmm! I have added rule: ipfw add 1 deny ip from any to any
>> And server dropped all packets...
>
> Well
> "rule number" (for default rule) - 1 == 65535 - 1 == 65534
>
> I guess I should have added quotes or braces or the sample.
>
> Sorry for the trouble...
>