Date: Tue, 12 Feb 2019 09:37:55 -0500
From: Ernie Luzar <luzar722@gmail.com>
To: "Rudy (bulk address)" <crapsh@monkeybrains.net>
Cc: jail@freebsd.org
Subject: Re: "ipfw log" messages from jail show in host syslog
Message-ID: <5C62DA43.8050202@gmail.com>
In-Reply-To: <2331cedc410f2123b2a0e142f81bf92e.squirrel@mail.monkeybrains.net>
References: <2331cedc410f2123b2a0e142f81bf92e.squirrel@mail.monkeybrains.net>

Rudy (bulk address) wrote:
> I've switched to VNET (love it) in jails. Neat, you can have ipfw running
> in your jail!
>
> I added some log lines to test it out and was a bit confused when
> /var/log/security wasn't showing the log lines. Turns out, the kernel is
> grabbing them and logging in the host and not the chrooted environment.
>
> Bug? Feature? :)
>
> Rudy
>

This is a known bug problem. There is a PR about this filed a few years ago.

Now here is the good news. There is a simple solution. IPFW has the option
to use an undocumented log file named ipfw0. When this log file is used in
a vnet jail, IPFW does log to it at /var/log/security in the vnet jail.

Add this to the rc.conf file of the vnet jail and restart the vnet jail to
activate.

firewall_logging="NO"
firewall_logif="YES"
nohup tcpdump -lnti ipfw0 | logger -t jailname -p security.info &

I am having network problems configuring my vnet jail on 12.0, using
bridge/epair with ipfw/nated. I sure would appreciate your help in figuring
out what is incorrect with my setup. If you're agreeable, contact me off list.

Thanks