Hi All,

After mucking around on a firewall problem on the other side of the world yesterday, the problem was that net.inet.ip.forwarding was set to off (the gateway_enable had been mangled in rc.conf). Packets were being received by the firewall kernel, and happily passed through the firewall ruleset as expected; they then disappeared.

I thought it would be useful to have a sysctl knob which would allow one to cause these packets to be logged. From a security POV it would be interesting to know if people are trying to use you as a gateway?

Now for the real question: does something like this already exist, and am I going to be re-inventing the wheel if I add it to the kernel? Is there another way of doing this?

Thanks
Barry

--
Barry Irwin [EMAIL PROTECTED] +27214875177
Systems Administrator: Networks And Security
Itouch Labs http://www.itouchlabs.com South Africa