From owner-freebsd-security@FreeBSD.ORG Thu Aug 7 23:50:01 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1EDF337B404 for ; Thu, 7 Aug 2003 23:50:01 -0700 (PDT) Received: from darkpossum.medill.northwestern.edu (darkpossum.medill.northwestern.edu [129.105.51.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7B79043F75 for ; Thu, 7 Aug 2003 23:49:59 -0700 (PDT) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: from darkpossum.medill.northwestern.edu (8cc33db0cd059a6eda9776b36f511f6e@localhost.medill.northwestern.edu [127.0.0.1])h786fJCk064386 for ; Fri, 8 Aug 2003 01:41:20 -0500 (CDT) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: (from possum@localhost)h786fJm3064385 for freebsd-security@freebsd.org; Fri, 8 Aug 2003 01:41:19 -0500 (CDT) Date: Fri, 8 Aug 2003 01:41:18 -0500 From: Redmond Militante To: freebsd-security@freebsd.org Message-ID: <20030808064118.GA64362@darkpossum> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ikeVEW9yuYc//A+q" Content-Disposition: inline User-Agent: Mutt/1.4i X-Sender: redmond@darkpossum.medill.northwestern.edu X-URL: http://darkpossum.medill.northwestern.edu/modules.php?name=Content&pa=showpage&pid=1 X-DSS-PGP-Fingerprint: F9E7 AFEA 0209 B164 7F83 E727 5213 FAFA 1511 7836 X-High-Score-In-Unreal-Tournament: 7639 Subject: problems with ipfilter on 5.1-RELEASE X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Redmond Militante List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Aug 2003 06:50:01 -0000 --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK my /etc/rc.conf looks like ipfilter_enable="YES" ipfilter_flags="" ipfilter_rules="/etc/ipfilter.rules" ipmon_enable="YES" ipmon_flags="-Dsvn" the other problem i have is that: it now seems that ipmon is logging to /var/log/messages. i've set up ipfilter successfully on many freebsd 4x boxes, but this is the first time i've tried to set it up on 5x. in my /etc/syslog.conf i have local0.* /var/log/firewall_logs *.notice;local0.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages am i missing some things that i should be doing to set up ipfilter on 5x-RELEASE? on 4x-RELEASE, i've set up ipfilter successfully, following the procedures outlined at schlacter.net to set up ipfilter. i'm basically following the same procedures here, with unexpected results. any advice would be appreciated thanks redmond --ikeVEW9yuYc//A+q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/M0YOFNjun16SvHYRAidPAJsHcG7UyePb3H04oXvesh/GrhwPDwCfT8ge gGtAaQNsWLeiiqcRfJ/P+u0= =KefZ -----END PGP SIGNATURE----- --ikeVEW9yuYc//A+q--