On Monday 25 October 2004 16:46, Spades wrote:
> error:
>
> # ipfw add 900 allow log all from any to any setup
> ipfw: unknown argument ``setup''

setup is available only for TCP connections.
So

  ipfw add allow log logamount 0 tcp from any to any setup

would be the correct one.
But this is hardly what you want to do, since it matches only the three-way
handshake TCP does. The rest of the stream will be dropped if your last
rule (65535) is the default one (deny ip from any to any).

This will log every TCP connection setup, and let the rest of the stream flow:

  allow log logamount 0 tcp from any to any setup
  allow tcp from any to any

BUT this is not a firewall setup. It's just a TCP connection logger.
You should do a little reading about TCP/IP, in order to understand how to
set up a firewall.

Cheers,
NikV

> ----- Original Message -----
> From: "Sergey Zaharchenko" <[EMAIL PROTECTED]>
> To: "Spades" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Monday, October 25, 2004 9:34 PM
> Subject: Re: ipfw flooding in /var/log/ipfw.log
>
> On Mon, Oct 25, 2004 at 06:31:49PM +0800, Spades probably wrote:
> > this is my ipfw.rule for now
> > # ipfw add 900 allow log all from any to any
> >
> > <snip>
> >
> > It will keep spitting these 2 lines as long as I'm connected, how do I make
> > it such as it will log only one instance?
>
> You might want to change the rule to
>
> # ipfw add 900 allow log all from any to any setup
>                                              ^^^^^
> which only logs the (attempts to) set up a connection (the initial SYN
> packets). man ipfw has some interesting information on this.
>
> HTH,
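
Added example, not part of the thread and not ipfw code: a simplified Python model of ipfw's first-match evaluation, run over a constructed TCP packet sequence, comparing the three rule sets discussed above. The rule numbers of the two-rule set, the class and function names, and the sample stream are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", ...
    flags: frozenset = frozenset()  # TCP flags set on this packet

@dataclass(frozen=True)
class Rule:
    number: int
    action: str          # "allow" or "deny"
    proto: str           # "ip" and "all" match every protocol
    setup: bool = False  # ipfw "setup": TCP only, SYN set and ACK clear
    log: bool = False

    def matches(self, pkt):
        if self.proto not in ("ip", "all") and self.proto != pkt.proto:
            return False
        if self.setup:
            # Only the opening SYN of a connection satisfies "setup".
            return pkt.proto == "tcp" and "syn" in pkt.flags and "ack" not in pkt.flags
        return True

# The default last rule mentioned in the reply: deny ip from any to any.
DEFAULT_DENY = Rule(65535, "deny", "ip")

def evaluate(rules, packets):
    """First matching rule decides each packet; return (passed, logged)."""
    passed = logged = 0
    for pkt in packets:
        for rule in sorted(rules + [DEFAULT_DENY], key=lambda r: r.number):
            if rule.matches(pkt):
                passed += rule.action == "allow"
                logged += rule.log
                break
    return passed, logged

# Constructed sample: one TCP connection (handshake, data, teardown).
STREAM = [Packet("tcp", frozenset(f)) for f in (
    {"syn"}, {"syn", "ack"}, {"ack"}, {"ack", "psh"},
    {"ack", "psh"}, {"fin", "ack"}, {"ack"})]

LOG_EVERYTHING = [Rule(900, "allow", "all", log=True)]           # original rule 900
SETUP_ONLY = [Rule(900, "allow", "tcp", setup=True, log=True)]   # setup rule alone
SETUP_THEN_ALLOW = SETUP_ONLY + [Rule(1000, "allow", "tcp")]     # 1000 is assumed

if __name__ == "__main__":
    for name in ("LOG_EVERYTHING", "SETUP_ONLY", "SETUP_THEN_ALLOW"):
        print(name, evaluate(globals()[name], STREAM))
```

With the setup rule alone, only the initial SYN passes and everything after it falls through to rule 65535; adding the second allow rule lets the whole stream through while still producing one log entry per connection.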
