Date:      Sun, 21 May 2006 16:16:53 +0300
From:      Lasse K H <lapeb@soul.lut.fi>
To:        freebsd-sparc64@freebsd.org
Subject:   [5.5-RC1] ipfilter/ipmon not logging anything?
Message-ID:  <20060521131653.GA17501@soul.lut.fi>

Hi.

I can't get my Ultra-10 to log any ipfilter messages.
Can somebody help?

regards,
Lasse


-----------------------------------------------------
kernel version:
FreeBSD riksu 5.5-RC1 FreeBSD 5.5-RC1 #0: Sat May 20 19:22:00 EEST 2006     lkh@riksu:/usr/src/sys/sparc64/compile/LOCAL.01  sparc64


$ grep "^options IPF" /usr/src/sys/sparc64/conf/LOCAL.01
options IPFILTER
options IPFILTER_LOG
options IPFILTER_DEFAULT_BLOCK


boot messages:
IP Filter: v3.4.35 initialized.  Default = block all, Logging = enabled
Enabling ipfilter.
Starting ipmon.
Starting syslogd.


/etc/syslog.conf:
*.*				/var/log/all.log
security.*			/var/log/ipfilter.log


/etc/rc.conf:
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"


ps:
root    152  0.0  0.4  3728  2064  ??  Ss   10:32AM   0:00.04 /sbin/ipmon -Ds
root    257  0.0  0.2  3808  1144  ??  Ss   10:32AM   0:00.07 /usr/sbin/syslogd -s


/etc/ipf.rules:
pass in quick on lo0 all
pass out quick on lo0 all
#
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
block in log first quick on hme0 all
block in log first quick on hme1 all


ipfstat -h:
 IPv6 packets:          in 0 out 4
 input packets:         blocked 5008 passed 41062 nomatch 0 counted 0 short 0
output packets:         blocked 4 passed 36156 nomatch 4 counted 0 short 0
 input packets logged:  blocked 5008 passed 25
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 4953 output 0
fragment state(in):     kept 0  lost 0  not fragmented 0
fragment state(out):    kept 0  lost 0  not fragmented 0
packet state(in):       kept 25 lost 0
packet state(out):      kept 88 lost 0
ICMP replies:   0       TCP RSTs sent:  0
Invalid source(in):     0
Result cache hits(in):  12      (out):  0
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
        none
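
A check over the `ipfstat` counters shown in the message above, added here as an example and not part of the original e-mail: it parses the counter lines and reports when packets hit `log` rules but nothing reached the log. The function names are hypothetical, and reading "input/output packets logged" as rule-level matches and "packets logged" as records actually delivered is an assumption.

```python
import re

# Constructed sample: four counter lines copied from the ipfstat output above.
SAMPLE = """\
 input packets logged:  blocked 5008 passed 25
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 4953 output 0
"""


def parse_counters(text):
    """Return {label: {name: int}} for lines shaped 'label: name N name N'."""
    counters = {}
    for line in text.splitlines():
        label, sep, rest = line.partition(":")
        if not sep:
            continue
        pairs = re.findall(r"([A-Za-z]+)\s+(\d+)", rest)
        if pairs:
            counters[label.strip()] = {name: int(value) for name, value in pairs}
    return counters


def log_health(counters):
    """List findings where log rules matched but records were lost."""
    findings = []
    for direction in ("input", "output"):
        # Assumption: blocked + passed here are packets that matched a log rule.
        matched = sum(counters.get(f"{direction} packets logged", {}).values())
        # Assumption: this counter is what was actually handed to the log reader.
        delivered = counters.get("packets logged", {}).get(direction, 0)
        failed = counters.get("log failures", {}).get(direction, 0)
        if failed:
            findings.append(f"{direction}: {failed} log failures")
        if matched and not delivered:
            findings.append(f"{direction}: {matched} matched log rules, 0 logged")
    return findings


if __name__ == "__main__":
    for finding in log_health(parse_counters(SAMPLE)):
        print(finding)
```
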


