From owner-freebsd-hackers Fri May 12 0:12:10 2000
Date: Fri, 12 May 2000 09:11:55 +0200
To: Conrad Sabatier
From: Gianmarco Giovannelli
Subject: RE: ipfw and verbose mode
Cc: vyger@proximaautomation.com, questions@FreeBSD.ORG, hackers@FreeBSD.ORG, esperti@gufi.org

At 11/05/00, Conrad Sabatier wrote:
>On 12-May-00 Gianmarco Giovannelli wrote:
> >
> > The problem is that ipfw, even if working, don't log me on
> > the screen or in /var/log/messages the rules that are triggered
> > (with the log keyword) like:
> >
> > ipfw -q add 10000 deny log ip from any to any
>
>I don't suppose it could be that you're using the "quiet" flag (-q)?
>:-)

No, I think the -q flag is used i.e. to disable output when the rules are set, not to disable the logging facilities.

I am missing this kind of logging which I require with the "log" keyword:

[3.4-stable]
May 9 20:14:34 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:14:46 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:17:59 freebsd /kernel: ipfw: 10000 Deny ICMP:8.0 194.119.192.34 194.243.20.91 in via tun0

In 4.0-STABLE this kind of logging doesn't happen anymore, even if I set in the kernel

options IPFIREWALL
options IPFIREWALL_VERBOSE #print information about
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity

(I repeat because I fw the message in -hackers mailing list)

and even if ipfw logs the reached counter

[4.0-stable]
May 10 19:58:41 freebsd /kernel: ipfw: limit 100 reached on entry 10000

and my ipfw vars are ok (I presume):

sysctl -a
[...]
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 5
[...]

Thanks to everyone for attention...

Best Regards,

Gianmarco Giovannelli, "Unix expert since yesterday"
http://www.giovannelli.it/~gmarco
http://www2.masternet.it
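
An added example, not part of the original message: a small parser for the two kinds of kernel log line quoted above, tallying logged packets per rule and recording any "limit N reached on entry" notice. The regular expressions cover only the line shapes shown in the message, and the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines as quoted in the message above (3.4-stable and 4.0-stable samples).
SAMPLE = """\
May 9 20:14:34 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:14:46 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:17:59 freebsd /kernel: ipfw: 10000 Deny ICMP:8.0 194.119.192.34 194.243.20.91 in via tun0
May 10 19:58:41 freebsd /kernel: ipfw: limit 100 reached on entry 10000
"""

# Assumed shapes, derived only from the lines above.
PACKET = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+)(?::(?P<detail>\S+))? "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)
LIMIT = re.compile(r"ipfw: limit (?P<limit>\d+) reached on entry (?P<rule>\d+)")


def parse_line(line):
    """Return a dict describing one ipfw kernel log line, or None."""
    m = LIMIT.search(line)
    if m:
        return {"kind": "limit", "rule": int(m["rule"]), "limit": int(m["limit"])}
    m = PACKET.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(kind="packet", rule=int(rec["rule"]))
    if rec["proto"] == "ICMP" and rec["detail"]:
        # ICMP entries carry type.code after the colon, e.g. 3.13
        rec["icmp_type"], rec["icmp_code"] = map(int, rec["detail"].split("."))
    return rec


def summarize(text):
    """Tally logged packets per (rule, action) and collect limit notices."""
    hits, limited = Counter(), {}
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["kind"] == "limit":
            limited[rec["rule"]] = rec["limit"]
        else:
            hits[(rec["rule"], rec["action"])] += 1
    return hits, limited


if __name__ == "__main__":
    hits, limited = summarize(SAMPLE)
    for (rule, action), n in sorted(hits.items()):
        note = f" (log limit {limited[rule]} reached)" if rule in limited else ""
        print(f"rule {rule} {action}: {n} logged{note}")
```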