From owner-freebsd-questions@FreeBSD.ORG Tue Sep 9 04:22:40 2003
Date: Tue, 9 Sep 2003 12:34:47 +0100
From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Message-ID: <20030909113447.GB17219@marvin.penguinpowered.org>
User-Agent: Mutt/1.4.1i
X-System: FreeBSD i386 with kernel 4.9-PRERELEASE
Subject: Logging and IPFW

Hi all,

We're moving from ipfilter to ipfw. Since we no longer run multiple platforms, the benefits that we used to derive from ipfilter are declining. Add to this the problems we've had when running it as a module on 5.x (as opposed to compiled into the kernel), and we've decided to move to ipfw.

I'm trying to set up logging with IPFW. I've not compiled IPFW into my kernel, but am instead using the ipfw.ko module.

I have the following sysctl variables set:

net.inet.ip.fw.verbose=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1

However, I am still not seeing anything in /var/log/messages when I portscan the machine. The firewall appears to be working, as we receive nothing back on the portscanning machine, but I would like logging enabled.

I have the following in /etc/rc.conf:

firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="CLIENT"
firewall_quiet="NO"
firewall_logging="YES"

The only place I can see firewall_logging being used is in /etc/rc.conf and that is being used to set a sysctl variable:

echo 'Firewall logging=YES'
sysctl net.inet.ip.fw.verbose=1 >/dev/null

Any ideas on what I'm doing wrong here?

Thanks in advance,

-- 
Wayne Pascoe
Look buddy, doesn't work is a strong statement. Does it sit on the couch
all day? Is it making faces at you? Does it want more money? Please be specific!
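As an added illustration (not part of Wayne's message, and not FreeBSD's own rc scripts): a small sh check for the two things that most often explain a silently enforcing ipfw. `net.inet.ip.fw.verbose=1` only enables the logging machinery; a packet is written to syslog only when it matches a rule that carries the `log` keyword, so a deny rule without `log` blocks without logging. Separately, FreeBSD's default syslog.conf routes `security.*` (the facility ipfw logs to) to /var/log/security, not /var/log/messages. The `ipfw list` and syslog.conf text in the script is constructed sample data; whether the CLIENT ruleset's deny rules carry `log` is an assumption to verify on the box.

```sh
#!/bin/sh
# Added example: audit why ipfw is not logging. The two helpers read text on
# stdin so they can be exercised with constructed samples; the bottom of the
# script runs them against the live system only when ipfw exists and we are root.

# Count rules that carry the "log" keyword in `ipfw list` output.
# A rule without "log" is enforced but never written to syslog, whatever
# net.inet.ip.fw.verbose is set to. `|| true` keeps grep's "no match" exit
# status from aborting a caller that runs under set -e; the count is still printed.
count_log_rules() {
    # ipfw prints "NNNNN action log ip from ..."; match "log" as a whole word.
    grep -Ec '^[0-9]+ [a-z]+ log( |$)' || true
}

# Print where a syslog.conf stream sends the security facility.
# FreeBSD's default is "security.* /var/log/security", so ipfw messages
# do not show up in /var/log/messages.
security_log_target() {
    awk '$1 == "security.*" { print $2; found = 1 } END { if (!found) print "NONE" }'
}

# Constructed sample of `ipfw list` output: one logging deny rule among three.
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 deny log ip from any to 127.0.0.0/8
65535 deny ip from any to any'

# Constructed sample of a syslog.conf with the stock security line.
SAMPLE_SYSLOG='*.notice;authpriv.none;kern.debug;mail.crit;news.err /var/log/messages
security.* /var/log/security'

# Live checks: only meaningful on a FreeBSD host running ipfw, as root.
if command -v ipfw >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    if kldstat | grep -q 'ipfw\.ko'; then
        echo "ipfw.ko is loaded as a module"
    else
        echo "ipfw.ko not loaded (firewall may be compiled into the kernel)"
    fi
    sysctl net.inet.ip.fw.verbose net.inet.ip.fw.verbose_limit
    n=$(ipfw list | count_log_rules)
    echo "rules carrying the log keyword: $n"
    [ "$n" -eq 0 ] && echo "no rule has 'log': ipfw will never emit a syslog line"
    echo "security.* is delivered to: $(security_log_target < /etc/syslog.conf)"
fi
```

Run the sample checks with `printf '%s\n' "$SAMPLE_RULES" | count_log_rules` (prints 1) and `printf '%s\n' "$SAMPLE_SYSLOG" | security_log_target` (prints /var/log/security); adding `log` to the deny rules, then watching /var/log/security, is the defender's verification step.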