Date: Wed, 17 Nov 2004 10:12:42 -0500
From: James Snow <snow@teardrop.org>
To: Zoran Kolic <kolicz@EUnet.yu>
Cc: freebsd-security@freebsd.org
Subject: Re: ipfw logging
Message-ID: <20041117151242.GB36240@teardrop.org>
In-Reply-To: <20041115065524.GA972@faust.net>
References: <20041115065524.GA972@faust.net>

On Mon, Nov 15, 2004 at 07:55:24AM +0100, Zoran Kolic wrote:
> Hi all!
> After installing 5.3 I've noticed
> some change in firewall logging.
> Prior (on 5.2) rules gave me what
> I needed: trimmed to 3 of the same
> connection. Every new connection
> on the same rule gave new log line
> up to 3. I have in kernel:
> FIREWALL
> FIREWALL_VERBOSE
> FIREWALL_VERBOSE_LIMIT=3
> Now, all connections on the same
> rule are trimmed to 3. Is it possible
> on 5.3 to have all connections
> logged, but no more than 3 of the
> same?
> Just a little annoyance... I'd
> rather see what was blocked. New
> is even line:
> "ipfw: limit 3 reached on entry 1500"
> Can I do something to have old way
> of logging back?
> Best regards

This may or may not help you with your situation but I found it to be a
considerable step up from setting these options in the kernel:

As of 5.3 (or perhaps earlier - I first noticed it in 5.3) you can edit
net.inet.ip.fw.verbose and net.inet.ip.fw.verbose_limit via sysctl.

Perhaps you'll have some luck fiddling with the value of
net.inet.ip.fw.verbose_limit.

Hope that helps.

-Snow