Just edit the rules concerned in rc.firewall to add the word "log" to rules you want logged.

e.g. --

    ${fwcmd} add pass log tcp from any to ${oip} 80 setup

and tail the /var/log/security instead of messages.

> Hi all,
>
> We're moving from ipfilter to ipfw. Since we no longer run multiple
> platforms, the benefits that we used to derive from ipfilter are
> declining. Add to this the problems we've had when running it as a
> module on 5.x (as opposed to compiled into the kernel), and we've
> decided to move to ipfw.
>
> I'm trying to set up logging with IPFW. I've not compiled IPFW into my
> kernel, but am instead using the ipfw.ko module.
>
> I have the following sysctl variables set:
> net.inet.ip.fw.verbose=1
> net.inet.tcp.log_in_vain=1
> net.inet.udp.log_in_vain=1
>
> However, I am still not seeing anything in /var/log/messages when I
> portscan the machine. The firewall appears to be working, as we receive
> nothing back on the portscanning machine, but I would like logging
> enabled.
>
> I have the following in /etc/rc.conf
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="CLIENT"
> firewall_quiet="NO"
> firewall_logging="YES"
>
> The only place I can see firewall_logging being used is in /etc/rc.conf
> and that is being used to set a sysctl variable:
>
> echo 'Firewall logging=YES'
> sysctl net.inet.ip.fw.verbose=1 >/dev/null
>
> Any ideas on what I'm doing wrong here?
>
> Thanks in advance,
>
> --
> Wayne Pascoe
> Look buddy, doesn't work is a strong statement.
> Does it sit on the couch all day? Is it making faces
> at you? Does it want more money? Please be specific!
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
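
One way to see which rules still need the "log" keyword, as an added example that is not part of the original thread: the function below reads "ipfw list" output and prints every rule that drops traffic without logging it. The function names and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list ipfw rules that drop traffic but lack the "log" keyword.
# Input is "ipfw list" output on stdin. Simplification: optional "set N" and
# "prob P" prefixes are skipped; only deny/drop/reject/reset/unreach are checked.
# The built-in default rule 65535 cannot be modified, so if it is reported the
# fix is an explicit "deny log" rule placed before it.

unlogged_denies() {
    awk '
    {
        i = 2                                   # field 1 is the rule number
        if ($i == "set")  i += 2                # skip "set N"
        if ($i == "prob") i += 2                # skip "prob P"
        action = $i
        if (action != "deny" && action != "drop" && action != "reject" &&
            action != "reset" && action != "unreach")
            next
        if (action == "unreach") i++            # "unreach" takes a code argument
        if ($(i + 1) != "log") print $0         # "log" must follow the action
    }'
}

# Constructed sample of "ipfw list" output (hypothetical, not from the thread).
sample_rules() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 allow tcp from any to any established
00400 allow log tcp from any to 192.0.2.10 dst-port 80 setup
00500 deny log tcp from any to any setup
00600 unreach host log udp from any to any
00700 reset tcp from any to any dst-port 113
65535 deny ip from any to any
EOF
}

# On a live FreeBSD host: ipfw list | unlogged_denies
if [ "${1:-}" = "--demo" ]; then
    sample_rules | unlogged_denies
fi
```

Rules reported here produce no entries in /var/log/security even with net.inet.ip.fw.verbose=1 set.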