From owner-freebsd-questions@FreeBSD.ORG Thu Aug 7 14:50:00 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D246E37B401 for ; Thu, 7 Aug 2003 14:50:00 -0700 (PDT) Received: from darkpossum.medill.northwestern.edu (darkpossum.medill.northwestern.edu [129.105.51.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6A7643F3F for ; Thu, 7 Aug 2003 14:49:59 -0700 (PDT) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: from darkpossum.medill.northwestern.edu (0522618225d5e9f0d86559117637004a@localhost.medill.northwestern.edu [127.0.0.1])h77LfLCk062637 for ; Thu, 7 Aug 2003 16:41:21 -0500 (CDT) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: (from possum@localhost)h77LfLJq062636 for freebsd-questions@freebsd.org; Thu, 7 Aug 2003 16:41:21 -0500 (CDT) Date: Thu, 7 Aug 2003 16:41:20 -0500 From: Redmond Militante To: freebsd-questions@freebsd.org Message-ID: <20030807214120.GE61845@darkpossum> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VdOwlNaOFKGAtAAV" Content-Disposition: inline User-Agent: Mutt/1.4i X-Sender: redmond@darkpossum.medill.northwestern.edu X-URL: http://darkpossum.medill.northwestern.edu/modules.php?name=Content&pa=showpage&pid=1 X-DSS-PGP-Fingerprint: F9E7 AFEA 0209 B164 7F83 E727 5213 FAFA 1511 7836 X-High-Score-In-Unreal-Tournament: 7639 Subject: problems with ipfilter on 5.1-RELEASE X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Redmond Militante List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Aug 2003 21:50:01 -0000 --VdOwlNaOFKGAtAAV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options IPFILTER_LOG options IPFILTER_DEFAULT_BLOCK my /etc/rc.conf looks like ipfilter_enable="YES" ipfilter_flags="" ipfilter_rules="/etc/ipfilter.rules" ipmon_enable="YES" ipmon_flags="-Dsvn" the other problem i have is that: it now seems that ipmon is logging to /var/log/messages. i've set up ipfilter successfully on many freebsd 4x boxes, but this is the first time i've tried to set it up on 5x. in my /etc/syslog.conf i have local0.* /var/log/firewall_logs *.notice;local0.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages am i missing some things that i should be doing to set up ipfilter on 5x-RELEASE. on 4x-RELEASE, i've followed the procedures outlined at schlacter.net to set up ipfilter. i'm basically following the same procedures here, with unexpected results. any advice would be appreciated thanks redmond --VdOwlNaOFKGAtAAV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/MseAFNjun16SvHYRAlBsAKCxK5ubhUMNZ2FZjEceEBa9vechrQCdEppC Tuf/Jff+Xsy1nGBzD/MLH4M= =/tQf -----END PGP SIGNATURE----- --VdOwlNaOFKGAtAAV--