From owner-freebsd-stable@FreeBSD.ORG Sun Jul 4 04:36:38 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 49B3D16A4CF; Sun, 4 Jul 2004 04:36:38 +0000 (GMT) Received: from auk1.snu.ac.kr (auk1.snu.ac.kr [147.46.100.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA14643D2F; Sun, 4 Jul 2004 04:36:37 +0000 (GMT) (envelope-from stopspam@users.sourceforge.net) Received: from [147.46.44.181] (stopspam@users.sourceforge.net) by auk1.snu.ac.kr (Terrace Internet Messaging Server) with ESMTP id 2004070413:36:26:616646.24099.2755038128 for ; Sun, 04 Jul 2004 13:36:26 +0900 (KST) Message-ID: <40E78954.4070401@users.sourceforge.net> Date: Sun, 04 Jul 2004 13:36:36 +0900 From: Rob User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7) Gecko/20040703 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-TERRACE-SPAMMARK: NO (SR:8.48) (by Terrace) Subject: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jul 2004 04:36:38 -0000 Hello, I have one PC with updated kernel/world from June 25th, and another from June 10th, all with sources for STABLE. Both PCs have a firewall. Neither of the two seems to obey the verbose limit of 100, that I put in the kernel configuration file. In the past, /var/log/secure used to rotate once a week or so, but now it does in less than 30 minutes due to the overwhelming amount of firewall logs. The kernel configuration has following lines, related to the firewall: options IPDIVERT options IPFW2 # version 2 IPFW options IPFIREWALL # firewall options IPFIREWALL_VERBOSE # enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default and I have in /etc/make.conf: IPFW2=TRUE Any idea what is going wrong here? Thanks, Rob.