At 11/05/00, Conrad Sabatier wrote:
>On 12-May-00 Gianmarco Giovannelli wrote:
> >
> > The problem is that ipfw, even if working, don't log me on
> > the screen or in /var/log/messages the rules that are triggered
> > (with the log keyword) like:
> >
> > ipfw -q add 10000 deny log ip from any to any
>
>I don't suppose it could be that you're using the "quiet" flag (-q)?
>:-)
No, I think the -q flag is used i.e. to disable output when the rules is
set, not to disable the logging facilities.
I am missing these kind of logging which I require with the "log" keyword:
[3.4-stable]
May 9 20:14:34 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30
192.168.0.124 in via tun0
May 9 20:14:46 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30
192.168.0.124 in via tun0
May 9 20:17:59 freebsd /kernel: ipfw: 10000 Deny ICMP:8.0 194.119.192.34
194.243.20.91 in via tun0
In 4.0-STABLE these kind of logging doesn't happen anymore, even if I set
in the kernel
options IPFIREWALL
options IPFIREWALL_VERBOSE #print information about
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
(I repeat because I fw the message in -hackers mailing list)
and even if ipfw logs the reached counter
[4.0-stable]
May 10 19:58:41 freebsd /kernel: ipfw: limit 100 reached on entry 10000
and my ipfw var are ok (I presume):
sysctl -a
[...]
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 5
[...]
Thanks to everyone for attention...
Best Regards,
Gianmarco Giovannelli , "Unix expert since yesterday"
http://www.giovannelli.it/~gmarco
http://www2.masternet.it
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
