From: Friedemann Becker
To: joe, freebsd-bugs@freebsd.org
Date: Wed, 11 Feb 2004 01:06:43 +0100
Subject: Re: kern/62598: no logging on ipfw loadable module

joe wrote:

>>Number: 62598
>>Category: kern
>[...]
>
> By original design, it's not supposed to be a mandatory requirement that you enable
> IPFW by compiling its options into your customized FBSD kernel. IPFW
> is included in the basic FBSD install as a separate run time loadable module.
> For some unknown reason the loadable module was compiled with logging disabled.
> This means the loadable IPFW module has absolutely no logging available. This
> configuration is non-logical, does not reflect the needs of the majority of
> IPFW users, and is pretty much useless. A firewall without logging ability is
> just plain unheard of.

The precompiled module comes with preset compile time options, but have you
tried the corresponding sysctl variables in net.inet.ip.fw, especially
net.inet.ip.fw.verbose and net.inet.ip.fw.verbose_limit?

See the manpage, section "RULE FORMAT", command "log", for details.

Friedemann