Date: Mon, 7 Jul 2003 16:30:22 -0500
From: "Micheal Patterson" <micheal@cancercare.net>
To: <kientzle@acm.org>, <freebsd-questions@freebsd.org>
Subject: Re: Logging packets dropped by IPFW
Message-ID: <064501c344ce$fc4b9770$4df24243@tsgincorporated.com>
References: <3F09E48B.3020300@acm.org>
----- Original Message -----
From: "Tim Kientzle" <kientzle@acm.org>
To: <freebsd-questions@freebsd.org>
Sent: Monday, July 07, 2003 4:22 PM
Subject: Logging packets dropped by IPFW

> Is there any way to generate log information
> about the packets dropped by IPFW? The 'log'
> modifier doesn't seem to do anything on my
> system right now <sigh>, though from what I can tell,
> it's supposed to only log the rule that was
> triggered, which isn't the same thing at all.
>
> In particular, I'd like to know the protocol
> (TCP/UDP/ICMP) and port number for dropped packets.
>
> Tim Kientzle

Tim,

    options IPFIREWALL_VERBOSE            #enable logging to syslogd(8)
    options IPFIREWALL_VERBOSE_LIMIT=100  #limit verbosity

You need the top option compiled in to enable logging of ipfw. The second option would limit the amount of logging that is done until you do an ipfw resetlog command. I personally comment out the limit so that I can keep a running history. This does take up more overhead on the system and disk space; however, the need for the history outweighs this.

When you're logging, the dropped packets will show you the date/time, the rule that denied / accepted the entry, the protocol used, the source IP and port, and the destination IP and port:

    (Jul 7 16:26:13 discovery /kernel: ipfw: 65000 Deny TCP 67.66.xxx.xxx:4170 67.xxx.xxx.xxx:80 in via fxp0)

--
Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
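Since the original question was about getting the protocol and port of dropped packets, here is an added example (not from either poster) that parses syslog lines in the ipfw format quoted in the reply and tallies Deny entries by protocol and destination port. The regex is an assumption built from that one sample line (ports made optional so ICMP entries, which ipfw logs as ICMP:type.code with no ports, still parse), and the log lines are constructed.

```python
import re
from collections import Counter

# Shape of the kernel ipfw log line quoted in the reply (assumption from that sample):
# "<syslog prefix> ipfw: <rule> <action> <proto> <src>[:<sport>] <dst>[:<dport>] <in|out> via <ifname>"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
# syslogd collapses identical consecutive lines into this message; ignoring it undercounts.
REPEAT_RE = re.compile(r"last message repeated (?P<n>\d+) times")

def parse_ipfw_line(line):
    """Return a dict of fields for an ipfw log line, or None if the line is not one."""
    m = IPFW_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec

def summarize_denies(lines):
    """Count Deny entries by (protocol, destination port), crediting syslog repeats to the last Deny."""
    counts = Counter()
    last_key = None
    for line in lines:
        rep = REPEAT_RE.search(line)
        if rep and last_key is not None:
            counts[last_key] += int(rep.group("n"))
            continue
        rec = parse_ipfw_line(line)
        last_key = None
        if rec and rec["action"] == "Deny":
            last_key = (rec["proto"], rec["dport"])
            counts[last_key] += 1
    return counts

# Constructed sample lines in the format shown in the message (addresses from RFC 5737 ranges).
SAMPLE_LOG = [
    "Jul  7 16:26:13 discovery /kernel: ipfw: 65000 Deny TCP 198.51.100.7:4170 203.0.113.5:80 in via fxp0",
    "Jul  7 16:26:14 discovery /kernel: ipfw: 65000 Deny UDP 198.51.100.7:53123 203.0.113.5:53 in via fxp0",
    "Jul  7 16:26:15 discovery /kernel: ipfw: 65000 Deny TCP 198.51.100.9:4171 203.0.113.5:80 in via fxp0",
    "Jul  7 16:26:16 discovery /kernel: last message repeated 2 times",
    "Jul  7 16:26:17 discovery /kernel: ipfw: 65000 Deny ICMP:8.0 198.51.100.9 203.0.113.5 in via fxp0",
    "Jul  7 16:26:18 discovery /kernel: ipfw: 100 Accept TCP 198.51.100.7:4172 203.0.113.5:22 in via fxp0",
]
```

Run `summarize_denies(open("/var/log/security").read().splitlines())` on a host with IPFIREWALL_VERBOSE enabled; with the constructed sample it reports 4 TCP/80, 1 UDP/53 and 1 ICMP:8.0 denial and ignores the Accept line.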