Date:      Tue, 15 Dec 2009 10:09:47 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Luigi Rizzo <rizzo@iet.unipi.it>
Cc:        FreeBSD current mailing list <current@freebsd.org>
Subject:   Re: [PATCH] ipfw logging through tcpdump ?
Message-ID:  <20091215095440.U86040@maildrop.int.zabbadoz.net>
In-Reply-To: <20091214235307.GA5345@onelab2.iet.unipi.it>
References:  <20091214235307.GA5345@onelab2.iet.unipi.it>

On Tue, 15 Dec 2009, Luigi Rizzo wrote:

Hi,

> The following ipfw patch (which I wrote back in 2001/2002) makes
> ipfw logging possible through tcpdump -- it works by passing to the
> fake device 'ipfw0' all packets matching rules marked 'log'.
> The use is very simple -- to test it just do
>
> 	ipfw add 100 count log ip from any to any
>
> and then
>
> 	tcpdump -ni ipfw0
>
> will show all matching traffic.
>
> I think this is a quite convenient and flexible option, so if there
> are no objections I plan to commit it to head.


pf(4) has pflog(4).   Ideally calling it the same would be good though
I wonder if two of the three of our firewalls grow that feature,
if we could have a common packet logging device rather than re-doing
it for each implementation.

Frankly,  I haven't looked at the details of the implementation but I
found getting rule numbers with tcpdump -e etc. was pretty cool to
identify where things were blocked or permitted.

Also make sure that the per-VIMAGE interface will work correctly and
as expected.

/bz

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.


