Date: Sun, 17 May 1998 18:40:38 -0400
From: FreeBSD.lists@symmetron.com (FreeBSD Mailing Lists)
To: "Charlie Root" <root@ftp1.mfn.org>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: Possible bug in IPFW
Message-ID: <000901bd81e4$d02f76a0$02baefce@mail.symmetron.com>
In-Reply-To: <199805171900.OAA07502@ftp1.mfn.org>

On Sunday, May 17, 1998 3:01 PM, Charlie Root said:
<snip>
> Here is the basic outline:
>
> (1) Rulesets. Allow this, that, blah, blah, blah...
> (2) Final rule: 65500 deny log all from any to any
>
> So we bring up the filter machine, and start attacking it:
<snip>
> About half way through the "23 series" of scans (which would make it
> about 750 connections attempted), it ceased logging (forever!) with the
> following message:
>
> May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP x.x.x.x:1065 me.me.me.me:23 in via de3
>
> I have checked for disk space, which AFAIK has never exceeded 50% usage on any
> slice, and sure enough, the top user of space was at a mere 45%. /var is at 3%.
>
> Except for the fact that it is no longer logging, it appears to be ok: cron
> is running and doing its thing, it succeeded in backing itself up last night,
> and it still appears to be filtering, although *without* logging bad packets.
>
> Should I be forwarding this to the bugs list, or have I missed something
> very basic here?

you might want to check your kernel to make sure you don't have a limit on
your IPFW logging. the kernel option is IPFIREWALL_VERBOSE_LIMIT. while you
are there, you might want to make sure the IPFIREWALL_VERBOSE option is enabled.

-john

---------------
John A. Shue
4000 Legato Road, Suite 600
Fairfax, VA 22033
(703) 591-5559
(703) 591-6337 FAX

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
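
A log-side check for the limit mentioned in the reply above, as an added example that is not part of the original thread: IPFIREWALL_VERBOSE_LIMIT caps logged packets per rule, so a rule whose count of log lines has reached the limit keeps filtering but goes silent. The function name, the limit value passed to it, and the sample log lines (documentation addresses) are assumptions constructed for illustration; the line format follows the message quoted above.

```shell
#!/bin/sh
# Added example: find ipfw rules that have logged LIMIT or more packets,
# i.e. rules that may have stopped logging because of
# IPFIREWALL_VERBOSE_LIMIT. Pass the limit your kernel was built with.

# Constructed sample log, in the format of the line quoted in the message.
sample_log() {
    cat <<'EOF'
May 17 00:39:19 attackme /kernel: ipfw: 65500 Deny TCP 192.0.2.10:1063 198.51.100.5:23 in via de3
May 17 00:39:20 attackme /kernel: ipfw: 65500 Deny TCP 192.0.2.10:1064 198.51.100.5:23 in via de3
May 17 00:39:20 attackme /kernel: ipfw: 400 Deny UDP 192.0.2.10:1066 198.51.100.5:53 in via de3
May 17 00:39:21 attackme /kernel: ipfw: 65500 Deny TCP 192.0.2.10:1065 198.51.100.5:23 in via de3
May 17 00:40:02 attackme cron[212]: (root) CMD (/usr/libexec/atrun)
EOF
}

# rules_at_limit LIMIT [LOGFILE]
# Reads LOGFILE (stdin if omitted) and prints "RULE COUNT" for every rule
# number whose logged-packet count is >= LIMIT, sorted by rule number.
rules_at_limit() {
    awk -v limit="$1" '
        {
            # The rule number is the field right after the "ipfw:" tag;
            # lines without a numeric rule number are ignored.
            for (i = 1; i < NF; i++) {
                if ($i == "ipfw:" && $(i + 1) ~ /^[0-9]+$/) {
                    count[$(i + 1)]++
                    break
                }
            }
        }
        END {
            for (rule in count)
                if (count[rule] >= limit)
                    print rule, count[rule]
        }
    ' "${2:--}" | sort -n
}

# Demo on the constructed sample with an assumed limit of 3.
sample_log | rules_at_limit 3
```

Run it over the log lines written since the last boot or counter reset, since the kernel's per-rule count starts from there.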