Date: Tue, 7 Sep 2004 20:08:14 +0400 (MSD)
From: Maxim Konovalov
To: Ryan Sommers
cc: freebsd-hackers@freebsd.org
Subject: Re: IPFIREWALL_VERBOSE stopped logging?

On Tue, 7 Sep 2004, 08:32-0600, Ryan Sommers wrote:

> I'm trying to figure out why my firewall has stopped logging to
> /var/log/security. The last entry was from Aug 17 and there has been at
> least one restart and a few hundred thousand packets denied.
>
> FreeBSD ***** 5.2.1-RELEASE-p8 FreeBSD 5.2.1-RELEASE-p8 #1: Thu Jul 1
> 18:24:26 CDT 2004 root@moleman:/usr/obj/usr/src/sys/MOLEMAN i386
>
> (root@node15):~:#ipfw list | tail -2
> 03000 deny log tcp from any to any in via xl0 setup
> 65535 deny ip from any to any
>
> (root@node15):~:#sysctl net.inet.ip.fw
> net.inet.ip.fw.enable: 1
> net.inet.ip.fw.autoinc_step: 100
> net.inet.ip.fw.one_pass: 1
> net.inet.ip.fw.debug: 1
> net.inet.ip.fw.verbose: 1
> net.inet.ip.fw.verbose_limit: 0
> (truncated)
>
> (root@node15):~:#grep security /etc/syslog.conf
> security.* /var/log/security
>
> What am I missing?

Previous ipfw rules, 'ipfw sh' instead of 'ipfw list' and a tail of
the /var/log/security :-)

-- 
Maxim Konovalov