Date: Wed, 3 Oct 2012 09:51:50 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: freebsd-ipfw@freebsd.org
Subject: logging tablearg ??
Message-ID: <CAHu1Y71DKyxs1D_aePOcqbdQdXC4-OpSL6%2Bo5ETmDkHcRW0CQg@mail.gmail.com>

Julian Elischer (and possibly others) - on 8.3-RELEASE-p4...

I have a table with ca. 84,000 networks, and the table arg is a classifier based on criteria the firewall ruleset doesn't care about - but I really would like to log the data. I've discovered that logging the lookup command doesn't log the table arg, just the src-ip

    ipfw add 500 skipto 65000 log logamount 0 lookup src-ip 1

log entry looks like:

    Oct 3 16:41:49 fedallah kernel: ipfw: 500 SkipTo 65000 TCP 69.109.215.188:53297 10.160.78.12:3222 in via xn0

Of course I don't have any reason to expect this to work, since it's an aspirational use of the mechanism. But I think it might be powerful and useful for folks who actually use firewall logs in support of IDS/IPS etc.

- M