Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Sep 2003 21:46:02 +0800
From:      <chael@southgate.ph.inter.net>
To:        "Wayne Pascoe" <freebsd-questions@penguinpowered.org>, <freebsd-questions@freebsd.org>
Subject:   Re: Logging and IPFW
Message-ID:  <001b01c376d8$b64f7520$490ea8cb@mrj>
References:  <20030909113447.GB17219@marvin.penguinpowered.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

just edit the rules concerned in rc.firewall to add the word "log" to rules
you want logged.

e.g. -- ${fwcmd} add pass log tcp from any to ${oip} 80 setup

and tail the /var/log/security instead of messages.

> Hi all,
>
> We're moving from ipfilter to ipfw. Since we no longer run multiple
> platforms, the benefits that we used to derive from ipfilter are
> declining. Add to this the problems we've had when running it as a
> module on 5.x (as opposed to compiled into the kernel), and we've
> decided to move to ipfw.
>
> I'm trying to setup logging with IPFW. I've not compiled IPFW into my
> kernel, but am instead using the ipfw.ko module.
>
> I have the following sysctl variables set:
> net.inet.ip.fw.verbose=1
> net.inet.tcp.log_in_vain=1
> net.inet.udp.log_in_vain=1
>
> However, I am still not seeing anything in /var/log/messages when I
> portscan the machine. The firewall appears to be working, as we receive
> nothing back on the portscanning machine, but I would like logging
> enabled.
>
> I have the following in /etc/rc.conf
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="CLIENT"
> firewall_quiet="NO"
> firewall_logging="YES"
>
> The only place I can see firewall_logging being used is in /etc/rc.conf
> and that is being used to set a sysctl variable :
>
> echo 'Firewall logging=YES'
> sysctl net.inet.ip.fw.verbose=1 >/dev/null
>
> any ideas on what I'm doing wrong here ?
>
> thanks in advance ,
>
> --
> Wayne Pascoe
> Look buddy, doesn't work is a strong statement.
> Does it sit on the couch all day? Is it making faces
> at you? Does it want more money? Please be specific!
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001b01c376d8$b64f7520$490ea8cb>