Date: Mon, 14 Oct 2002 14:58:50 -0700 (PDT)
From: Mike Hoskins
To: freebsd-security@freebsd.org
Subject: Re: FW: monitor ALL connections to ALL ports
Message-ID: <20021014145602.K1231-100000@fubar.adept.org>

On Mon, 14 Oct 2002, Maildrop wrote:

> I put this rule in:
> ipfw add count log all from any to any

Is this rule before the other allow rules in your chain? Since the rule chain is parsed on a first-match basis, you'll either need this rule before all others or you'll need to add log entries to each of your other rules.

> security.* /var/log/security

By default, this logs anything dumped to syslog by ipfw via the log keyword. I think you're just being bitten by rule order.
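
The rule-order problem discussed in the message above can be checked mechanically. The following is an added example, not part of the original message: it scans `ipfw list`-style output for rules that end the search before a catch-all `count log` rule is reached. The two rule listings are constructed samples and `unlogged_before_count` is a hypothetical helper name; it assumes the rule number and action are the first two fields of each line.

```shell
#!/bin/sh
# Added example: list ipfw rules that end the rule search before a catch-all
# "count log" rule is reached, i.e. traffic that rule will never log.

# Constructed sample: the log rule was appended after the allow rules.
RULES_LATE='00100 allow ip from any to any via lo0
00200 allow tcp from any to any 22
00300 allow tcp from any to any 80
00400 count log ip from any to any
65535 deny ip from any to any'

# Constructed sample: the log rule is evaluated first.
RULES_EARLY='00050 count log ip from any to any
00100 allow ip from any to any via lo0
00200 allow tcp from any to any 22
00300 allow tcp from any to any 80
65535 deny ip from any to any'

# Hypothetical helper. Reads `ipfw list`-style lines on stdin and prints the
# numbers of rules that stop the search, carry no "log" keyword of their own,
# and sit ahead of the first catch-all "count log" rule.
unlogged_before_count() {
    awk '
        # "count" updates counters and lets the search continue to the next rule.
        /^[0-9]+ count log (logamount [0-9]+ )?(ip|all) from any to any$/ { seen = 1 }
        # These actions end the search (assumed list; extend for divert, fwd, etc.).
        !seen && $3 != "log" &&
            $2 ~ /^(allow|accept|pass|permit|deny|drop|reject|reset|unreach)$/ { print $1 }
    '
}

echo "log rule last : $(printf '%s\n' "$RULES_LATE" | unlogged_before_count | tr '\n' ' ')"
echo "log rule first: $(printf '%s\n' "$RULES_EARLY" | unlogged_before_count | tr '\n' ' ')"
```

On a live host the same function can be fed with `ipfw list | unlogged_before_count`; any rule numbers it prints match traffic that never reaches the logging rule.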