Date: Mon, 07 Jul 2003 15:00:03 -0700 From: Tim Kientzle <kientzle@acm.org> Cc: freebsd-questions@freebsd.org Subject: Re: Logging packets dropped by IPFW Message-ID: <3F09ED63.1060102@acm.org> References: <3F09E48B.3020300@acm.org> <064501c344ce$fc4b9770$4df24243@tsgincorporated.com> <3F09E852.1020904@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Kientzle wrote: > Micheal Patterson wrote: >> ----- Original Message ----- >> From: "Tim Kientzle" <kientzle@acm.org> >> Subject: Logging packets dropped by IPFW >> >>> Is there any way to generate log information >>> about the packets dropped by IPFW? The 'log' >>> modifier doesn't seem to do anything ... > >> options IPFIREWALL_VERBOSE #enable logging to syslogd(8) >> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > > Thanks, Micheal. The manpage didn't > mention that logging was a compile-time > option; I'm recompiling now... Took another very careful look at the manpage, and discovered that recompiling wasn't necessary after all: # sysctl net.inet.ip.fw.verbose=1 suffices to turn it on. The IPFIREWALL_VERBOSE compile option just changes the default for this sysctl. Make this permanent by adding the line: net.inet.ip.fw.verbose=1 to /etc/sysctl.conf. Tim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F09ED63.1060102>