Date: Sun, 17 May 1998 22:35:56 +0100 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Charlie Root <root@ftp1.mfn.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Possible bug in IPFW Message-ID: <355F583C.9FF500F1@tdx.co.uk> References: <199805171900.OAA07502@ftp1.mfn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Charlie Root wrote: > About half way through the "23 series" of scans (which would make it > about 750 connections attempted, it ceased logging (forever!) with the > following message: > > May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP x.x.x.x:1065 me.me.me.me:23 in via de3 > > I have checked for disk space, which AFAIK has never exceeded 50% usage on any > slice, and sure enough, the top user of space was at a mere 45%. /var is at 3%. > > Except for the fact that it is no longer logging, it appears to be ok: cron There is a limit you set in your kernel config for how many events to log on IPFW... If you look in your kernel config you'll probably have a line like: options "IPFIREWALL_VERBOSE_LIMIT=100" If you change the '100' (or whatever it is in your case) either to a higehr number, or '0' (which means always log) it should work OK... I use '0' here on all our machines (remembering to clear down the log file on a regular basis) and I've not noticed any problems... Regards, Karl Pielorz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?355F583C.9FF500F1>