Date: Mon, 07 Jul 2003 17:31:42 -0400 From: Chuck Swiger <cswiger@mac.com> To: kientzle@acm.org Cc: freebsd-questions@freebsd.org Subject: Re: Logging packets dropped by IPFW Message-ID: <3F09E6BE.90309@mac.com> In-Reply-To: <3F09E48B.3020300@acm.org> References: <3F09E48B.3020300@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Kientzle wrote: > Is there any way to generate log information > about the packets dropped by IPFW? The 'log' > modifier doesn't seem to do anything on my > system right now <sigh>, though from what I can tell, > it's supposed to only log the rule that was > triggered, which isn't the same thing at all. Did you recompile your kernel with these options: options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity ...? Also consider: sysctl net.inet.tcp.log_in_vain=1 sysctl net.inet.udp.log_in_vain=1 -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F09E6BE.90309>