Date:      Wed, 13 Oct 2010 22:07:58 +0000 (UTC)
From:      Luigi Rizzo <luigi@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r213810 - head/sbin/ipfw
Message-ID:  <201010132207.o9DM7wcH002366@svn.freebsd.org>

Author: luigi
Date: Wed Oct 13 22:07:57 2010
New Revision: 213810
URL: http://svn.freebsd.org/changeset/base/213810

Log:
  document logging through bpf

Modified:
  head/sbin/ipfw/ipfw.8

Modified: head/sbin/ipfw/ipfw.8
==============================================================================
--- head/sbin/ipfw/ipfw.8	Wed Oct 13 22:04:55 2010	(r213809)
+++ head/sbin/ipfw/ipfw.8	Wed Oct 13 22:07:57 2010	(r213810)
@@ -557,28 +557,33 @@ packet delivery.
 Note: this condition is checked before any other condition, including
 ones such as keep-state or check-state which might have side effects.
 .It Cm log Op Cm logamount Ar number
-When a packet matches a rule with the
+Packets matching a rule with the
 .Cm log
-keyword, a message will be
-logged to
+keyword will be made available for logging in two ways:
+if the sysctl variable
+.Va net.inet.ip.fw.verbose
+is set to 0 (default), one can use
+.Xr bpf 4
+attached to the
+.Xr ipfw0
+pseudo interface. There is no overhead if no 
+.Xr bpf
+is attached to the pseudo interface.
+.Pp
+If
+.Va net.inet.ip.fw.verbose
+is set to 1, packets will be logged to
 .Xr syslogd 8
 with a
 .Dv LOG_SECURITY
-facility.
-The logging only occurs if the sysctl variable
-.Va net.inet.ip.fw.verbose
-is set to 1
-(which is the default when the kernel is compiled with
-.Dv IPFIREWALL_VERBOSE )
-and the number of packets logged so far for that
-particular rule does not exceed the
+facility up to a maximum of
 .Cm logamount
-parameter.
+packets.
 If no
 .Cm logamount
 is specified, the limit is taken from the sysctl variable
 .Va net.inet.ip.fw.verbose_limit .
-In both cases, a value of 0 removes the logging limit.
+In both cases, a value of 0 means unlimited logging.
 .Pp
 Once the limit is reached, logging can be re-enabled by
 clearing the logging counter or the packet counter for that entry, see the
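
Review bot: `.Xr ipfw0` and the second, bare `.Xr bpf` in the added lines are not valid cross references, since `.Xr` takes a manual page name plus a section and ipfw0 is an interface name, not a page. Suggest `.Xr bpf 4` in both places and a literal macro such as `.Li ipfw0` for the interface. The added line `pseudo interface. There is no overhead if no ` also ends in trailing whitespace and starts a new sentence mid-line; mdoc sources normally begin each sentence on its own line. On content, the removed text said verbose is 1 by default when the kernel is compiled with `IPFIREWALL_VERBOSE`, while the new text gives 0 as the default without qualification; if that kernel option still changes the default, the qualification should be kept. The new wording also does not say whether `logamount` and `net.inet.ip.fw.verbose_limit` limit what is delivered to the ipfw0 bpf tap or only what goes to syslogd. Anyone relying on a capture from ipfw0 as a complete record of logged packets needs to know that, so one sentence stating it would help.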


