Date: Tue, 04 Oct 2005 14:24:44 +0400
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: =?KOI8-R?Q?Arvinn_L=3Fkkebakken?= <arvinn@sandakerveien.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: limited logging when using limit
Message-ID: <4342586C.2000100@yandex.ru>
In-Reply-To: <433D1567.7020406@sandakerveien.net>
References: <433D1567.7020406@sandakerveien.net>

Arvinn wrote:
> ipfw add pipe 5 log tcp from 200.0.0.0/7 to me dst-port 25 limit src-addr 2
> ipfw add allow log tcp from any to me dst-port 25 limit src-addr 10
>
> All I get in syslog is:
> Sep 30 11:14:40 hostname drop session, too many entries

You can try this patch. ipfw will log session drops like the following:

Oct 4 14:15:44 hostname kernel: ipfw: drop session, too many entries (by rule 200)

--
WBR, Andrey V. Elsukov

netinet.diff:
--- sys/netinet/ip_fw2.c.orig Mon Sep 13 11:21:17 2004 +++ sys/netinet/ip_fw2.c Tue Oct 4 14:18:51 2005 @@ -1090,7 +1090,8 @@ if (fw_verbose && last_log != time_second) { last_log = time_second; log(LOG_SECURITY | LOG_DEBUG, - "drop session, too many entries\n"); + "ipfw: drop session, too many entries (by rule %d)\n", + rule->rulenum); } return 1; }
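
Review bot: The gate in the context line `if (fw_verbose && last_log != time_second)` is keyed only on the current second, so now that the message carries `rule->rulenum` it will name just the first rule whose limit is hit in a given second, and drops caused by any other limit rule in that same second go unlogged. Someone reading the log to find which of several limit rules is dropping sessions (the two-rule case quoted above) can be misled by that. I would suggest remembering the last logged rule number next to `last_log` and also logging when the rule number differs, or at least documenting that the message is rate-limited to one per second across all rules.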