Date: Wed, 14 Jul 2004 08:40:38 -0400
From: Paul Chvostek
To: Mohammad Reza
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw and log server
Message-ID: <20040714124038.GA62342@it.ca>
User-Agent: Mutt/1.4.2.1i
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Jul 14, 2004 at 11:38:52AM +0700, Mohammad Reza wrote:
>
> I have trouble with my ipfw rules. My firewall server is the logging server
> for my several mail gateways (syslogd).
> I want my ipfw rules to default to deny,
> so I add this rule before denying everything else:
> ${fwcmd} add pass udp from {mail_gateway} to me 514 in via ${iif}
> keep-state
> but I can no longer see my logging on the firewall.

I'll assume the missing '$' before '{mail_gateway}' is just a
cut-and-paste error.  ;)

Try adding a "log" directive to the deny rules that follow this allow rule.

Alternately, add an explicit set of logging rules to identify the
traffic that's being missed by your allow rule.  For example:

  ${fwcmd} add pass udp from ${mail_gateway} to me 514 in via ${iif}
  ${fwcmd} add count log udp from ${mail_gateway} to any 514

Then check your /var/log/security.

-- 
Paul Chvostek
Operations / Abuse / Whatever
it.canada, hosting and development                   http://www.it.ca/
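An rc.firewall-style fragment that puts the diagnostic approach above into one ordered ruleset: default deny, the syslog pass rule first, the "count log" rule right behind it to catch what the pass rule misses, and a logged deny as the final rule. This is an added example written for this thread, not code from the original message or from FreeBSD's own /etc/rc.firewall. The variable names fwcmd, iif and mail_gateway follow the thread; the interface name fxp0 and the address 192.0.2.10 are constructed placeholders. It dry-runs by default (echoing the ipfw commands) unless FWCMD points at the real binary.

```shell
#!/bin/sh
# Added example: default-deny ipfw ruleset that keeps syslog (udp/514) from a
# mail gateway reachable and logs whatever the allow rule does not match.
# Dry run by default; FWCMD=/sbin/ipfw loads the rules for real.

fwcmd="${FWCMD:-echo ipfw}"
iif="${IIF:-fxp0}"                          # inside interface (assumed name)
mail_gateway="${MAIL_GATEWAY:-192.0.2.10}"  # constructed placeholder address

# ipfw walks rules in ascending number order and stops at the first match, so
# the pass rule must come before the catch-all deny or syslog never arrives.
setup_syslog_rules() {
    ${fwcmd} -f flush
    # 1. Allow syslog from the mail gateway to this host on the inside interface.
    ${fwcmd} add 1000 pass udp from ${mail_gateway} to me 514 in via ${iif}
    # 2. Diagnostic: any udp/514 datagram from the gateway that rule 1000 did
    #    not match (arrived on another interface, or addressed to an alias
    #    that is not "me") is counted and logged here instead of silently
    #    falling through to the final deny.
    ${fwcmd} add 1100 count log udp from ${mail_gateway} to any 514
    # 3. Default deny, logged so dropped packets show up in /var/log/security.
    ${fwcmd} add 65000 deny log ip from any to any
}

# The "log" keyword only produces syslog lines when the kernel's verbose
# logging sysctl is enabled; report its state, or "unknown" off-FreeBSD.
check_logging_enabled() {
    v=$(sysctl -n net.inet.ip.fw.verbose 2>/dev/null) || { echo unknown; return 0; }
    if [ "$v" = "1" ]; then echo on; else echo off; fi
}

setup_syslog_rules
echo "ipfw verbose logging: $(check_logging_enabled)"
```

Two things to check alongside the ruleset: ipfw log lines reach /var/log/security only if /etc/syslog.conf routes the security facility there (the stock FreeBSD configuration does), and net.inet.ip.fw.verbose_limit caps how many log lines each rule emits, so a rule that logged a burst early on may have gone quiet by the time you look.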