From: Wayne Pascoe
To: John Birrell
Cc: freebsd-questions@freebsd.org
Date: Tue, 9 Sep 2003 13:22:18 +0100
Subject: Re: Logging and IPFW
X-System: FreeBSD i386 with kernel 4.9-PRERELEASE

On Tue, Sep 09, 2003 at 09:42:14PM +1000, John Birrell wrote:
> On Tue, Sep 09, 2003 at 12:34:47PM +0100, Wayne Pascoe wrote:
> > However, I am still not seeing anything in /var/log/messages when I
> > portscan the machine. The firewall appears to be working, as we receive
> > nothing back on the portscanning machine, but I would like logging
> > enabled.
>
> Have you added the 'log' keyword to your rules?
>
> e.g:
>
> # Reject&Log all setup of incoming connections from the outside
> ${fwcmd} add deny log tcp from any to any in via ${oif} setup
>
> The log entries will be written to /var/log/security.

I tried changing the rc.firewall script so that the last line in the
CLIENT section read

${fwcmd} add 65535 deny ip from any to any log

but ipfw list still just showed

65535 deny ip from any to any log

where should that rule with the log go in the list? Before the last
line? Should I add a rule before 65535 that logs things?

Thanks,

-- 
Wayne Pascoe
'tis far easier to get forgiveness than it is to get permission
- probably someone famous, but more often, my Dad.
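
An added example, not part of the original message: a shell check that reads `ipfw list` output and reports deny or reject rules that do not have `log` directly after the action, which is where the rule quoted in the reply places it. The sample ruleset, the interface name `fxp0` and the function name `audit_ipfw_logging` are constructed for illustration; the check relies on rule 65535 being ipfw's built-in default rule, which cannot be changed, so a logging catch-all needs a lower rule number.

```shell
#!/bin/sh
# Added example: find deny/reject rules in `ipfw list` output that cannot log.
# In ipfw syntax the `log` keyword comes directly after the action
# ("deny log tcp ..."), as in the rule quoted in the reply above.

# Constructed sample of `ipfw list` output (fxp0 is a made-up interface).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 allow tcp from any to any established
00300 deny log tcp from any to any in via fxp0 setup
00400 deny udp from any to any in via fxp0
65535 deny ip from any to any'

# Reads rules on stdin; prints "<rule-number> <finding>" per silent deny rule.
#   no-log        the rule drops traffic without logging it
#   default-rule  rule 65535 is built in and cannot be changed, so a logging
#                 catch-all has to be added under a lower number
audit_ipfw_logging() {
    awk '
        ($2 == "deny" || $2 == "reject") && $3 != "log" {
            print $1, ($1 == "65535" ? "default-rule" : "no-log")
        }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_ipfw_logging
# On a live host: ipfw list | audit_ipfw_logging
# Matching packets are only logged when net.inet.ip.fw.verbose is 1.
```

A rule such as `65000 deny log ip from any to any` produces no finding, because `log` sits in the position the check expects.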