From: Randy Bush
To: freebsd-security@freebsd.org
Subject: ipfw logging to dmesg not /var/log/syslog
Date: Mon, 17 Sep 2001 06:33:54 -0700

why is ipfw's logging in dmesg as opposed to /var/log/security? 4.4-RC

[ some ip addresses changed ]

# ipfw show
00100      98      3528 allow ip from 42.666.32.0/24 to any
00200     101      3780 allow ip from 42.666.42.0/24 to any
00300       3       185 allow ip from 42.666.49.0/24 to any
00400       1        36 deny icmp from any to 666.42.0.3 icmptype 8
00500       1        36 deny icmp from any to 666.42.0.4 icmptype 8
00600    7886   2583885 deny log logamount 100 icmp from any to 666.42.0.39 icmptype 8
00700 7435873 932696758 allow ip from any to any
65535      28      1803 deny ip from any to any

# sysctl net.inet.ip.fw
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 30

# cat /var/log/security

# -- from /etc/syslog.conf
# Log all security messages to a separate file.
security.* /var/log/security

# dmesg
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 202.138.24.6 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 202.138.24.6 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 195.138.133.10 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.25.76.130 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 203.166.26.98 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 211.188.128.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 149.239.191.1 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 63.123.132.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.150 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.9.161.92 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 146.83.188.5 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 63.123.132.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.150 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.9.161.92 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 146.83.188.5 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 63.123.132.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.150 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.9.161.92 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0