From owner-freebsd-security Tue Jul 25 16:09:29 2000
From: Stephen Montgomery-Smith
Date: Tue, 25 Jul 2000 18:09:25 -0500
To: freebsd-security@FreeBSD.ORG
Subject: log with dynamic firewall rules

I would like to set up a firewall with dynamic rules to allow ssh from the outside. I would like these incoming ssh's logged. So I tried something like:

    ipfw add pass log tcp from any to my.computer.net 22 keep-state setup

Now it would make sense to me that this would log the initial setup, but that the following times that the then created dynamic rule is invoked would not be logged. However that is not the case. All the tcp packets between the established connection are logged.

I know that I could have some rules:

    add pass tcp from any to any in via ${oif} established
    add pass all from any to any frag

before this one, but doesn't that defeat part of the point of dynamic rules?

-- 
Stephen Montgomery-Smith
Department of Mathematics, University of Missouri, Columbia, MO 65211
Phone 573-882-4540, fax 573-882-1869
http://www.math.missouri.edu/~stephen
stephen@math.missouri.edu
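One way to get the behaviour the post is after, as an added example that is not part of the original message or of any reply to it: because the dynamic entry inherits the action of the rule that created it, including `log`, the setup packet is logged by a separate `count log` rule that falls through, and the `keep-state` rule itself carries no `log`. The host name my.computer.net and the rule numbers are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): log only the SSH connection
# setup while the dynamic rule created by keep-state handles the rest of the
# flow silently. Assumptions: my.computer.net and the rule numbers 900, 1000
# and 1010 are placeholders chosen for this example.

# Emit the rule bodies one per line so they can be reviewed first and then
# handed to "ipfw add" once they look right.
ssh_rules() {
    host="$1"
    # Match packets that belong to an existing dynamic entry before anything
    # else; this is what lets the established traffic bypass the static rules.
    printf 'add 900 check-state\n'
    # 'count' never terminates the search, so attaching 'log' to it records
    # the SYN (setup) packet and then falls through to the next rule.
    printf 'add 1000 count log tcp from any to %s 22 setup\n' "$host"
    # The rule that creates the dynamic entry carries no 'log', so the entry
    # it spawns does not log every packet of the session.
    printf 'add 1010 pass tcp from any to %s 22 keep-state setup\n' "$host"
}

# Apply the rules when run as root on a box that has ipfw; otherwise just
# print them so the script is safe to run anywhere for inspection.
apply_rules() {
    if [ "$(id -u)" -eq 0 ] && command -v ipfw >/dev/null 2>&1; then
        ssh_rules "$1" | while read -r line; do
            # Word splitting is intended here: each line is one ipfw command.
            # shellcheck disable=SC2086
            ipfw $line
        done
    else
        ssh_rules "$1"
    fi
}
```

Run `apply_rules my.computer.net` (with your own host name) to load the three rules; the `check-state` rule must stay ahead of the two SSH rules in the ruleset.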