Date: Sat, 09 Aug 2014 10:15:10 -0400 From: Mike Tancsa <mike@sentex.net> To: "William A. Mahaffey III" <wam@hiwaay.net>, "FreeBSD Questions !!!!" <freebsd-questions@freebsd.org> Subject: Re: ipfw question .... Message-ID: <53E62CEE.7060202@sentex.net> In-Reply-To: <53E62D07.2030703@hiwaay.net> References: <53E62D07.2030703@hiwaay.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/9/2014 10:15 AM, William A. Mahaffey III wrote: > > > Why is there a limit on the # of logged denials by ipfw ? The limit is there to prevent conditions where syslog would be overwhelmed with hits, as in the case for example of a DoS. You can change it as discussed in the man pages If net.inet.ip.fw.verbose is set to 1, packets will be logged to syslogd(8) with a LOG_SECURITY facility up to a maximum of logamount packets. If no logamount is specified, the limit is taken from the sysctl variable net.inet.ip.fw.verbose_limit. In both cases, a value of 0 means unlimited logging. Once the limit is reached, logging can be re-enabled by clearing the logging counter or the packet counter for that entry, see the resetlog command. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53E62CEE.7060202>