Date: Mon, 11 Mar 2019 15:04:02 +0000 (UTC)
From: Tom Rhodes <trhodes@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r52855 - head/en_US.ISO8859-1/books/handbook/firewalls
Message-ID: <201903111504.x2BF42jD024840@repo.freebsd.org>
Author: trhodes Date: Mon Mar 11 15:04:02 2019 New Revision: 52855 URL: https://svnweb.freebsd.org/changeset/doc/52855 Log: Note that, even if logging is enabled in rc.conf, IPFW rules still need the "log" keyword to create logs. Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D19513 Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sun Mar 10 15:22:54 2019 (r52854) +++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Mon Mar 11 15:04:02 2019 (r52855) @@ -1697,6 +1697,14 @@ block drop out quick on $ext_if from any to $martians< <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen> + <warning> + <para>Only firewall rules with the <option>log</option> option will + be logged. The default rules do not include this option and it + must be manually added. Therefor it is advisable that the default + ruleset is edited for logging. In addition, log rotation may be + desired if the logs are stored in a separate file.</para> + </warning> + <para>There is no <filename>/etc/rc.conf</filename> variable to set logging limits. To limit the number of times a rule is logged per connection attempt, specify the number using this
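Review bot: In the added <warning> paragraph, "Therefor" is misspelled and should read "Therefore", followed by a comma. The same paragraph calls log an "option" while the commit log calls it a "keyword"; pick one term so readers can match it against the rule syntax. The closing sentence, "log rotation may be desired if the logs are stored in a separate file", gives the reader nothing to act on: either say where the log entries are written and how to rotate them, or drop the sentence. Because the warning sits directly after the sysrc firewall_logging="YES" step, a one-line sample rule carrying log would make "must be manually added" concrete and remove any impression that the rc.conf setting alone produces log entries.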