Date: Fri, 12 May 2000 09:11:55 +0200
From: Gianmarco Giovannelli <gmarco@scotty.masternet.it>
To: Conrad Sabatier <conrads@home.com>
Cc: vyger@proximaautomation.com, questions@FreeBSD.ORG, hackers@FreeBSD.ORG, esperti@gufi.org
Subject: RE: ipfw and verbose mode
Message-ID: <4.3.1.2.20000512090139.0279cab0@194.184.65.2>
In-Reply-To: <XFMail.000511230733.conrads@home.com>
References: <4.3.1.2.20000512030301.025a0340@194.184.65.4>

At 11/05/00, Conrad Sabatier wrote:
>On 12-May-00 Gianmarco Giovannelli wrote:
> >
> > The problem is that ipfw, even if working, don't log me on
> > the screen or in /var/log/messages the rules that are triggered
> > (with the log keyword) like:
> >
> > ipfw -q add 10000 deny log ip from any to any
>
>I don't suppose it could be that you're using the "quiet" flag (-q)?
>:-)

No, I think the -q flag is used i.e. to disable output when the rules are set, not to disable the logging facilities.

I am missing this kind of logging, which I require with the "log" keyword:

[3.4-stable]
May 9 20:14:34 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:14:46 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:17:59 freebsd /kernel: ipfw: 10000 Deny ICMP:8.0 194.119.192.34 194.243.20.91 in via tun0

In 4.0-STABLE this kind of logging doesn't happen anymore, even if I set in the kernel

options IPFIREWALL
options IPFIREWALL_VERBOSE #print information about
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity

(I repeat because I forwarded the message to the -hackers mailing list)

and even if ipfw logs the reached counter

[4.0-stable]
May 10 19:58:41 freebsd /kernel: ipfw: limit 100 reached on entry 10000

and my ipfw vars are ok (I presume):

sysctl -a
[...]
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 5
[...]

Thanks to everyone for attention...

Best Regards,
Gianmarco Giovannelli, "Unix expert since yesterday"
http://www.giovannelli.it/~gmarco
http://www2.masternet.it

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
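
Added example, not part of the original message or of FreeBSD: a small parser for the two kinds of ipfw kernel log line quoted above, which reports rules whose "limit reached" notice appears in a log with no per-packet records for that rule, the situation described for 4.0-stable. The names `parse_packet` and `audit` are hypothetical, and only the ICMP line shape shown in the message is exercised.

```python
import re
from collections import Counter

# Per-packet record, e.g. "ipfw: 10000 Deny ICMP:3.13 <src> <dst> in via tun0".
PACKET = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+)(?::(?P<icmp>\d+\.\d+))? "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")
# Notice written when a rule reaches the verbosity limit.
LIMIT = re.compile(r"ipfw: limit (?P<limit>\d+) reached on entry (?P<rule>\d+)")

# Log lines copied from the message (3.4-stable and 4.0-stable excerpts).
LOG_34 = """\
May 9 20:14:34 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:14:46 freebsd /kernel: ipfw: 10000 Deny ICMP:3.13 195.22.192.30 192.168.0.124 in via tun0
May 9 20:17:59 freebsd /kernel: ipfw: 10000 Deny ICMP:8.0 194.119.192.34 194.243.20.91 in via tun0
"""
LOG_40 = "May 10 19:58:41 freebsd /kernel: ipfw: limit 100 reached on entry 10000\n"

def parse_packet(line):
    """Return the fields of a per-packet ipfw record, or None for any other line."""
    m = PACKET.search(line)
    return m.groupdict() if m else None

def audit(text):
    """Count packet records per rule; list rules with a limit notice but no records."""
    packets, limits = Counter(), {}
    for line in text.splitlines():
        m = LIMIT.search(line)
        if m:
            limits[int(m["rule"])] = int(m["limit"])
            continue
        rec = parse_packet(line)
        if rec:
            packets[int(rec["rule"])] += 1
    # Counter returns 0 for rules that never produced a packet record.
    silent = sorted(r for r in limits if packets[r] == 0)
    return dict(packets), limits, silent

if __name__ == "__main__":
    for name, log in (("3.4-stable", LOG_34), ("4.0-stable", LOG_40)):
        packets, limits, silent = audit(log)
        print(name, "records:", packets, "limits:", limits, "limit notice only:", silent)
```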