Date:      Wed, 14 Jul 2004 08:40:38 -0400
From:      Paul Chvostek <paul+fbsd@it.ca>
To:        Mohammad Reza <reza@mra.co.id>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw and log server
Message-ID:  <20040714124038.GA62342@it.ca>
In-Reply-To: <D9E6E4026B15A14BAF6DDBF1E74F49247F2918@exchange.mra-holding.net>
References:  <D9E6E4026B15A14BAF6DDBF1E74F49247F2918@exchange.mra-holding.net>

On Wed, Jul 14, 2004 at 11:38:52AM +0700, Mohammad Reza wrote:
>  
> I have trouble with my ipfw rules. My firewall server is the logging server
> for my several mail gateways (syslogd).
> I want my ipfw rules to default to deny,
> I add this rule before denying everything else:
> ${fwcmd} add pass udp from {mail_gateway}  to me 514 in via ${iif}
> keep-state
> but I can no longer see my logging to the firewall.

I'll assume the missing '$' before '{mail_gateway}' is just a
cut-and-paste error.  ;)

Try adding a "log" directive to the deny rules that follow this allow
rule.

Alternately, add an explicit set of logging rules to identify the
traffic that's being missed by your allow rule.  For example:

  ${fwcmd} add pass udp from ${mail_gateway} to me 514 in via ${iif}
  ${fwcmd} add count log udp from ${mail_gateway} to any 514

Then check your /var/log/security.

-- 
  Paul Chvostek                                             <paul@it.ca>
  Operations / Abuse / Whatever
  it.canada, hosting and development                   http://www.it.ca/
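As an added example (not part of this thread), a small sh script that reads /var/log/security lines in the format ipfw's "log" rules produce and reports which sources are being denied on UDP/514, and whether each one is a listed mail gateway (a listed gateway being denied means the pass rule is not matching its packets). The hosts, interfaces and rule numbers in the sample lines are constructed.

```shell
#!/bin/sh
# Added example: triage ipfw "Deny" log entries for syslog traffic (UDP/514).
# Constructed sample lines in the /var/log/security format ipfw writes; the
# hosts, rule numbers and interfaces are made up for the example.
SAMPLE_LOG='Jul 14 11:38:52 fw kernel: ipfw: 65000 Deny UDP 10.1.1.10:514 10.1.1.1:514 in via fxp0
Jul 14 11:38:53 fw kernel: ipfw: 100 Accept UDP 10.1.1.11:514 10.1.1.1:514 in via fxp0
Jul 14 11:38:54 fw kernel: ipfw: 65000 Deny UDP 10.1.1.10:514 10.1.1.1:514 in via fxp0
Jul 14 11:38:55 fw kernel: ipfw: 65000 Deny UDP 192.0.2.99:40000 10.1.1.1:514 in via fxp0
Jul 14 11:38:56 fw kernel: ipfw: 65000 Deny TCP 192.0.2.99:40001 10.1.1.1:22 in via fxp0
Jul 14 11:38:57 fw kernel: ipfw: 65000 Deny UDP 10.1.1.12:514 10.1.1.1:514 in via fxp1'

# Read log lines on stdin; print "count src rule iface" for each distinct
# source whose UDP datagrams to port 514 hit a Deny rule, busiest first.
denied_syslog() {
  awk '{
    for (i = 1; i <= NF && $i != "ipfw:"; i++) ;
    if (i > NF || $(i+2) != "Deny" || $(i+3) != "UDP") next
    split($(i+4), src, ":"); split($(i+5), dst, ":")
    if (dst[2] == "514") n[src[1] " " $(i+1) " " $(i+8)]++
  } END { for (k in n) print n[k], k }' | sort -k1,1rn -k2,2
}

# Compare denied sources against the configured mail gateways: a listed
# gateway being denied means the "pass" rule is not matching its packets
# (check the interface, direction and port); an unlisted source is exactly
# what default-deny is meant to drop.
classify_denied() {
  gateways="$1"
  denied_syslog | while read -r count src rule iface; do
    case " $gateways " in
      *" $src "*) echo "$src: $count denied by rule $rule via $iface (listed gateway; pass rule not matching)" ;;
      *)          echo "$src: $count denied by rule $rule via $iface (not a listed gateway)" ;;
    esac
  done
}

# Usage with the constructed sample and a hypothetical gateway list.
printf '%s\n' "$SAMPLE_LOG" | classify_denied "10.1.1.10 10.1.1.11 10.1.1.12"
```

Against a real box, replace the sample with `classify_denied "${mail_gateway}" < /var/log/security`.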