On Mon, Mar 21, 2016 at 12:31 PM, Wout Decré <w...@canodus.be> wrote:
> On Mon, 2016-03-21 at 11:38 -0400, Chris Jordan wrote:
> > I'm coming back to FreeBSD after many years away and I am setting up a new
> > system with 10-2-release.
> >
> > I was reading through Handbook section 29.4.1 "Enabling IPFW" and it says:
> > "To enable logging, include this line in
> > /etc/rc.conf: firewall_logging="YES"". That didn't seem to work for me, so
> > I went looking through /etc/rc.firewall, and found it's looking for a line
> > like "firewall_logdeny="YES"" instead, but it's only checking for that for
> > the case where firewall_type="workstation".
>
> IPFW logging is enabled in /etc/rc.d/ipfw:
>
> if checkyesno firewall_logging; then
>     echo 'Firewall logging enabled.'
>     sysctl net.inet.ip.fw.verbose=1 >/dev/null
> fi
>
> Should work putting firewall_logging="YES" in rc.conf. By default, logs
> are written to /var/log/security.
>

Ah, I see, thanks. The difference is that when I set
"firewall_logdeny="YES"" in rc.conf, then /etc/rc.firewall both sets
net.inet.ip.fw.verbose=1 and sets a firewall rule for "65500 deny log
logamount 500 ip from any to any", while if I set "firewall_logging="YES""
then the firewall rule is "65500 deny ip from any to any" so nothing gets
logged.

I suppose it's not a problem if you're modifying /etc/rc.firewall to set
your own rules anyway, but in the simple case it's a bit unclear. I've only
tried it where "firewall_type="workstation"", the other firewall_types
appear to have different default logging behavior.

Chris Jordan
_______________________________________________
freebsd-doc@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscr...@freebsd.org"
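
The thread comes down to two conditions that must both hold before a denied packet reaches the log: net.inet.ip.fw.verbose=1 and a deny rule that carries the `log` keyword. The script below is an added example, not part of the original messages or of FreeBSD's rc scripts; `ipfw_log_audit` is a hypothetical helper, and the sample rulesets are constructed around the two 65500 rules quoted above.

```shell
#!/bin/sh
# Constructed sample rulesets in `ipfw list` format. The two 65500 rules are the
# ones quoted in the message; the other lines are made up for illustration.
RULES_LOGGING_ONLY='00100 allow ip from any to any via lo0
65500 deny ip from any to any
65535 deny ip from any to any'
RULES_LOGDENY='00100 allow ip from any to any via lo0
65500 deny log logamount 500 ip from any to any
65535 deny ip from any to any'

# ipfw_log_audit VERBOSE  (hypothetical helper, ruleset text on stdin)
# VERBOSE is the value of net.inet.ip.fw.verbose. Prints one line per gap and
# returns 1 if any is found, 0 when denied packets will be logged.
ipfw_log_audit() {
    awk -v verbose="$1" '
        BEGIN {
            if (verbose != 1) {
                print "sysctl: net.inet.ip.fw.verbose is not 1"
                gaps++
            }
        }
        {
            if ($1 + 0 == 65535) next      # built-in default rule, cannot be modified
            i = 2                          # the action follows the rule number,
            if ($i == "set")  i += 2       # after optional "set N"
            if ($i == "prob") i += 2       # and optional "prob P"
            if ($i ~ /^(deny|drop|reject|reset)$/ && $(i + 1) != "log") {
                print "rule " $1 ": " $i " without log"
                gaps++
            }
        }
        END { exit (gaps > 0) }
    '
}

# On a live host: ipfw list | ipfw_log_audit "$(sysctl -n net.inet.ip.fw.verbose)"
printf '%s\n' "$RULES_LOGGING_ONLY" | ipfw_log_audit 1 || echo "-> denies are not logged"
printf '%s\n' "$RULES_LOGDENY" | ipfw_log_audit 1 && echo "-> denies are logged"
```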