From owner-freebsd-sparc64@FreeBSD.ORG Sun May 21 13:16:49 2006 Return-Path: X-Original-To: freebsd-sparc64@freebsd.org Delivered-To: freebsd-sparc64@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 33CA916A424 for ; Sun, 21 May 2006 13:16:49 +0000 (UTC) (envelope-from lkh@soul.lut.fi) Received: from soul.lut.fi (soul.lut.fi [157.24.101.190]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC26843D4C for ; Sun, 21 May 2006 13:16:48 +0000 (GMT) (envelope-from lkh@soul.lut.fi) Received: by soul.lut.fi (Postfix, from userid 256) id 7AA1E2F046; Sun, 21 May 2006 16:16:53 +0300 (EEST) Date: Sun, 21 May 2006 16:16:53 +0300 From: Lasse K H To: freebsd-sparc64@freebsd.org Message-ID: <20060521131653.GA17501@soul.lut.fi> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Subject: [5.5-RC1] ipfilter/ipmon not logging anything? X-BeenThere: freebsd-sparc64@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Lasse K H List-Id: Porting FreeBSD to the Sparc List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 May 2006 13:16:49 -0000 Hi. I can't get my Ultra-10 to log any ipfilter messages. Can somebody help? regards, Lasse ----------------------------------------------------- kernel version: FreeBSD riksu 5.5-RC1 FreeBSD 5.5-RC1 #0: Sat May 20 19:22:00 EEST 2006 lkh@riksu:/usr/src/sys/sparc64/compile/LOCAL.01 sparc64 $ grep "^options IPF" /usr/src/sys/sparc64/conf/LOCAL.01 options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK boot messages: IP Filter: v3.4.35 initialized. Default = block all, Logging = enabled Enabling ipfilter. Starting ipmon. Starting syslogd. /etc/syslog.conf: *.* /var/log/all.log security.* /var/log/ipfilter.log /etc/rc.conf: ipfilter_enable="YES" ipfilter_rules="/etc/ipf.rules" ipmon_enable="YES" ipmon_flags="-Ds" ps: root 152 0.0 0.4 3728 2064 ?? Ss 10:32AM 0:00.04 /sbin/ipmon -Ds root 257 0.0 0.2 3808 1144 ?? Ss 10:32AM 0:00.07 /usr/sbin/syslogd -s /etc/ipf.rules: pass in quick on lo0 all pass out quick on lo0 all # pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state pass out quick on hme0 proto tcp from any to any flags S keep state # pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state # block in log first quick on hme0 all block in log first quick on hme1 all ipfstat -h: IPv6 packets: in 0 out 4 input packets: blocked 5008 passed 41062 nomatch 0 counted 0 short 0 output packets: blocked 4 passed 36156 nomatch 4 counted 0 short 0 input packets logged: blocked 5008 passed 25 output packets logged: blocked 0 passed 0 packets logged: input 0 output 0 log failures: input 4953 output 0 fragment state(in): kept 0 lost 0 not fragmented 0 fragment state(out): kept 0 lost 0 not fragmented 0 packet state(in): kept 25 lost 0 packet state(out): kept 88 lost 0 ICMP replies: 0 TCP RSTs sent: 0 Invalid source(in): 0 Result cache hits(in): 12 (out): 0 IN Pullups succeeded: 0 failed: 0 OUT Pullups succeeded: 0 failed: 0 Fastroute successes: 0 failures: 0 TCP cksum fails(in): 0 (out): 0 Packet log flags set: (0) none