Re: Logging packets dropped by IPFW

Tim Kientzle Mon, 07 Jul 2003 14:56:24 -0700

Tim Kientzle wrote:

Micheal Patterson wrote:
----- Original Message -----

>> From: "Tim Kientzle" <[EMAIL PROTECTED]>

Subject: Logging packets dropped by IPFW
Is there any way to generate log information
about the packets dropped by IPFW?  The 'log'
modifier doesn't seem to do anything ...
options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
Thanks, Micheal.  The manpage didn't
mention that logging was a compile-time
option; I'm recompiling now...


Took another very careful look at the manpage,
and discovered that recompiling wasn't necessary
after all:

# sysctl net.inet.ip.fw.verbose=1

suffices to turn it on.  The IPFIREWALL_VERBOSE
compile option just changes the default for this sysctl.
Make this permanent by adding the line:

net.inet.ip.fw.verbose=1

to /etc/sysctl.conf.

Tim

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Logging packets dropped by IPFW

Reply via email to