From owner-freebsd-isp Wed Mar 25 01:18:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA05508 for freebsd-isp-outgoing; Wed, 25 Mar 1998 01:18:16 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA05501 for ; Wed, 25 Mar 1998 01:18:13 -0800 (PST) (envelope-from kpielorz@tdx.co.uk) Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242]) by caladan.tdx.co.uk (8.8.7/8.8.7) with ESMTP id JAA21348 for ; Wed, 25 Mar 1998 09:18:12 GMT (envelope-from kpielorz@tdx.co.uk) Message-ID: <3518CBD4.96896C2D@tdx.co.uk> Date: Wed, 25 Mar 1998 09:18:12 +0000 From: Karl Pielorz Organization: TDX X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: isp@FreeBSD.ORG Subject: ipfw logging... Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is there anyway with ipfw of it logging _all_ failed packets? - I have an ipfw config with a few specific 'log' entries in it, e.g. deny log any from 1.2.3.4 to 3.4.5.6 For really nasty things like external telnets to the box (even though the list is implicit deny) But I'd really like to see _ALL_ the failed packets logged - I'm thinking of adding a really high numbered rule (just 'above' the default rule) that says: deny log ip from any to any Is this going to work? - (I might have to increased the kernel's IPFIREWALL_VERBOSE_LIMIT I guess)... Anyone else have any comments? Regards, Karl Pielorz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message