From owner-freebsd-ipfw@FreeBSD.ORG Mon May 20 03:27:22 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id BDE171E4; Mon, 20 May 2013 03:27:22 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 97E5E909; Mon, 20 May 2013 03:27:22 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4K3RMC7081340; Mon, 20 May 2013 03:27:22 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4K3RMot081339; Mon, 20 May 2013 03:27:22 GMT (envelope-from linimon) Date: Mon, 20 May 2013 03:27:22 GMT Message-Id: <201305200327.r4K3RMot081339@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Subject: Re: kern/178482: [ipfw] logging problem from vnet jail X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 03:27:22 -0000 Old Synopsis: ipfw logging problem from vnet jail New Synopsis: [ipfw] logging problem from vnet jail Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon May 20 03:26:47 UTC 2013 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=178482 From owner-freebsd-ipfw@FreeBSD.ORG Mon May 20 03:27:47 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 82DA3277; Mon, 20 May 2013 03:27:47 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 5930B91F; Mon, 20 May 2013 03:27:47 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4K3Rlm0081398; Mon, 20 May 2013 03:27:47 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4K3RlHi081394; Mon, 20 May 2013 03:27:47 GMT (envelope-from linimon) Date: Mon, 20 May 2013 03:27:47 GMT Message-Id: <201305200327.r4K3RlHi081394@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Subject: Re: kern/178480: [ipfw] dynamically loaded ipfw with a vimage kernel don't work. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 03:27:47 -0000 Old Synopsis: dynamically loaded ipfw with a vimage kernel don't work. New Synopsis: [ipfw] dynamically loaded ipfw with a vimage kernel don't work. Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Mon May 20 03:27:30 UTC 2013 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=178480 From owner-freebsd-ipfw@FreeBSD.ORG Mon May 20 11:06:48 2013 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 3C02D594 for ; Mon, 20 May 2013 11:06:48 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 2CE71DB0 for ; Mon, 20 May 2013 11:06:48 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4KB6m0h082929 for ; Mon, 20 May 2013 11:06:48 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4KB6lae082927 for freebsd-ipfw@FreeBSD.org; Mon, 20 May 2013 11:06:47 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 20 May 2013 11:06:47 GMT Message-Id: <201305201106.r4KB6lae082927@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 May 2013 11:06:48 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/178482 ipfw [ipfw] logging problem from vnet jail o kern/178480 ipfw [ipfw] dynamically loaded ipfw with a vimage kernel do o kern/178317 ipfw [ipfw] ipfw options need to specifed in specific order o kern/177948 ipfw [ipfw] ipfw fails to parse port ranges (p1-p2) for udp o kern/176503 ipfw [ipfw] ipfw layer2 problem o kern/169206 ipfw [ipfw] ipfw does not flush entries in table o conf/167822 ipfw [ipfw] [patch] start script doesn't load firewall_type o kern/166406 ipfw [ipfw] ipfw does not set ALTQ identifier for ipv6 traf o kern/165939 ipfw [ipfw] bug: incomplete firewall rules loaded if tables o kern/165190 ipfw [ipfw] [lo] [patch] loopback interface is not marking o kern/158066 ipfw [ipfw] ipfw + netgraph + multicast = multicast packets o kern/157689 ipfw [ipfw] ipfw nat config does not accept nonexistent int f kern/155927 ipfw [ipfw] ipfw stops to check packets for compliance with o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call o kern/153161 ipfw [ipfw] does not support specifying rules with ICMP cod o kern/152113 ipfw [ipfw] page fault on 8.1-RELEASE caused by certain amo o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. f kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l f kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes s kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 43 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Wed May 22 13:50:02 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id A363617C for ; Wed, 22 May 2013 13:50:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 951D8238 for ; Wed, 22 May 2013 13:50:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4MDo1BM002964 for ; Wed, 22 May 2013 13:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4MDo178002963; Wed, 22 May 2013 13:50:01 GMT (envelope-from gnats) Date: Wed, 22 May 2013 13:50:01 GMT Message-Id: <201305221350.r4MDo178002963@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org Cc: From: Ian Smith Subject: Re: kern/178482: [ipfw] logging problem from vnet jail X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Ian Smith List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 May 2013 13:50:02 -0000 The following reply was made to PR kern/178482; it has been noted by GNATS. From: Ian Smith To: bug-followup@FreeBSD.org, fbsd8@a1poweruser.com Cc: Subject: Re: kern/178482: [ipfw] logging problem from vnet jail Date: Wed, 22 May 2013 23:44:40 +1000 > 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in. > vnet jails running ipfw are logging to the host security file and > don't log any ipfw log messages to the hosts message file. Secondly > the vnet jails security and messages files never get populated with > ipfw log messages. Logging to the host's syslog rather than the jail's appears to be the main/real issue here, confirmed and demonstrated by Anders Hagman, see http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-May/005398.html > logger command works. logged msg in both security and messages on > host > vnet jail can ping the public internet. > Hosts security file has log messages from both jail and host. > ipfw log messages are not being put into the hosts messages file. Apart from certain admin messages such as ipfw initialisation, 'limit N reached on rule X' and 'Entry X logging count reset.' ipfw log messages are never written to /var/log/messages but only to /var/log/security. Since you set verbose_limit=0, you shouldn't expect to see anything from ipfw in /var/log/messages, on either host or jail. > # /root >/var/log/security > empty file > > # /root >cat /var/log/messages > empty file Strange that there were not even normal bootup messages on the host? The rest serves to demonstrate the vnet jail logging-to-host issue. Ian From owner-freebsd-ipfw@FreeBSD.ORG Wed May 22 17:07:24 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 6B36FE67; Wed, 22 May 2013 17:07:24 +0000 (UTC) (envelope-from spil.oss@gmail.com) Received: from mail-ie0-x235.google.com (mail-ie0-x235.google.com [IPv6:2607:f8b0:4001:c03::235]) by mx1.freebsd.org (Postfix) with ESMTP id 2B1076BB; Wed, 22 May 2013 17:07:24 +0000 (UTC) Received: by mail-ie0-f181.google.com with SMTP id x12so5653100ief.40 for ; Wed, 22 May 2013 10:07:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=1evGyC8jYqPWu1DWxgJlcXMgt3NmcXQvV62DcSdLQJo=; b=c3oAPpzgdky2D+u2OrNj+i8BpUUoJqOQ08b4f9eUsvhiNz6K7jodPc2v0mLolc6Qq/ IcDhNzx2PSxe614IbzpdcKKr/E2NpaiW7UixdzQFMrf3P7iddH7CEhNHrBLkbI1BPmVc W/9jQr2wKCcPj8MZbt9lNxSX+9orGuReXEYHWtLv/LTT5EExq+VQZWAdFux8mVPmR3d4 y4GWMxQTNrcaVr6APx6IuG+k/1gBe8sP2NZCN/ZOnnTL4udUH+rz/DtaobSVDZ7lTw/U YCYmelgzJsS8O2iCOgoIJ1tU+txpGVNcildVTG5HR+I89xnU5ty4sgHYfjhnejdaTVyA DxAg== MIME-Version: 1.0 X-Received: by 10.42.27.208 with SMTP id k16mr7165866icc.43.1369242443906; Wed, 22 May 2013 10:07:23 -0700 (PDT) Received: by 10.42.189.4 with HTTP; Wed, 22 May 2013 10:07:23 -0700 (PDT) In-Reply-To: <20130513043639.GA1480@michelle.cdnetworks.com> References: <20130415015850.Y56386@sola.nimnet.asn.au> <20130415160625.K56386@sola.nimnet.asn.au> <20130417133637.W56386@sola.nimnet.asn.au> <20130510200409.GT15182@FreeBSD.org> <20130513043639.GA1480@michelle.cdnetworks.com> Date: Wed, 22 May 2013 19:07:23 +0200 Message-ID: Subject: Re: Problems with ipfw/natd and axe(4) From: Spil Oss To: pyunyh@gmail.com Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-ipfw@freebsd.org, Gleb Smirnoff , current X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: spil.oss@gmail.com List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 May 2013 17:07:24 -0000 Hi YongHyeon, Without natd this seems to work fine (both on RELEASE and CURRENT). Both my Hong-Kong no-name and Edimax EU-4208 seem to behave the same. This works with natd on RELEASE as well, but just for a limited time. I've yet to establish if it's time or #packets that cause the processing to stop. I'll try to generate some tcpdump output and compare working / non-working connected to NIC with txcsum/rxcsum disabled. Any pointers how to dig deeper? Kind regards, Spil. On Mon, May 13, 2013 at 6:36 AM, YongHyeon PYUN wrote: > On Sat, May 11, 2013 at 12:04:09AM +0400, Gleb Smirnoff wrote: >> Spil, >> >> On Fri, May 10, 2013 at 09:06:35AM +0200, Spil Oss wrote: >> S> There seems to be quite a bit of overhaul on the firewall code, pf and >> S> ipfw have been moved to sys/netpfil? Can there be some regressions in >> S> there that I hit? >> >> Yes, a regression is possible there. However, the issue seems to be >> axe(4) specific, since there are no reports on more common NICs. > > There was no change to axe(4) except added a new device id so it > seems the issue is not in driver. In addition, AX88772B engineering > sample I have works without problems on CURRENT. > I didn't use ipfw(4) or natd though. From owner-freebsd-ipfw@FreeBSD.ORG Wed May 22 17:10:02 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 2A8F4FF2 for ; Wed, 22 May 2013 17:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 0353974D for ; Wed, 22 May 2013 17:10:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4MHA1eV041667 for ; Wed, 22 May 2013 17:10:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4MHA1a9041666; Wed, 22 May 2013 17:10:01 GMT (envelope-from gnats) Date: Wed, 22 May 2013 17:10:01 GMT Message-Id: <201305221710.r4MHA1a9041666@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org Cc: From: Joe Subject: Re: kern/178482: [ipfw] logging problem from vnet jail X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Joe List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 May 2013 17:10:02 -0000 The following reply was made to PR kern/178482; it has been noted by GNATS. From: Joe To: Ian Smith Cc: bug-followup@FreeBSD.org Subject: Re: kern/178482: [ipfw] logging problem from vnet jail Date: Wed, 22 May 2013 13:04:29 -0400 Ian Smith wrote: > > > 9.1-RELEASE kernel with modules and vimage plus ipfw compiled in. > > vnet jails running ipfw are logging to the host security file and > > don't log any ipfw log messages to the hosts message file. Secondly > > the vnet jails security and messages files never get populated with > > ipfw log messages. > > Logging to the host's syslog rather than the jail's appears to be the > main/real issue here, confirmed and demonstrated by Anders Hagman, see > http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-May/005398.html You have the incorrect conclusion. Let me reword what was stated in the original pr to give a clearer picture of the pr. IPFW log messages coming from a IPFW process running inside of a jail(8) vnet jail are being written to the hosts /etc/log/security file and not to the vnet jail's /etc/log/security file. If the host is also running ipfw, it's logging messages are intermingled with those coming from the vnet jail ipfw process. And yes Anders Hagman did confirm this per the link you provided. > > > logger command works. logged msg in both security and messages on > > host > > vnet jail can ping the public internet. > > Hosts security file has log messages from both jail and host. > > ipfw log messages are not being put into the hosts messages file. > > Apart from certain admin messages such as ipfw initialization, 'limit N > reached on rule X' and 'Entry X logging count reset.' ipfw log messages > are never written to /var/log/messages but only to /var/log/security. > Since you set verbose_limit=0, you shouldn't expect to see anything from > ipfw in /var/log/messages, on either host or jail. I don't know how you can to that conclusion. verbose_limit is not mentioned in this pr. You are incorrect. verbose_limit is not set for this pr test. > > > # /root >/var/log/security > > empty file > > > > # /root >cat /var/log/messages > > empty file > > Strange that there were not even normal bootup messages on the host? Thats because I deleted all content before running this test to make the output simple. What purpose would showing boot messages serve? > > The rest serves to demonstrate the vnet jail logging-to-host issue. > > Ian > > From owner-freebsd-ipfw@FreeBSD.ORG Thu May 23 11:50:01 2013 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5489AD78 for ; Thu, 23 May 2013 11:50:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 4680A9A8 for ; Thu, 23 May 2013 11:50:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r4NBo1BP084684 for ; Thu, 23 May 2013 11:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r4NBo0wJ084672; Thu, 23 May 2013 11:50:00 GMT (envelope-from gnats) Date: Thu, 23 May 2013 11:50:00 GMT Message-Id: <201305231150.r4NBo0wJ084672@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org Cc: From: Ian Smith Subject: Re: kern/178482: [ipfw] logging problem from vnet jail X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Ian Smith List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 May 2013 11:50:01 -0000 The following reply was made to PR kern/178482; it has been noted by GNATS. From: Ian Smith To: Joe Cc: bug-followup@FreeBSD.org Subject: Re: kern/178482: [ipfw] logging problem from vnet jail Date: Thu, 23 May 2013 21:45:24 +1000 (EST) > You have the incorrect conclusion. Let me reword what was stated in the > original pr to give a clearer picture of the pr. IPFW log messages coming > from a IPFW process running inside of a jail(8) vnet jail are being written > to the hosts /etc/log/security file and not to the vnet jail's > /etc/log/security file. Exactly so; if rewording what I said assists comprehension, fine. > If the host is also running ipfw, it's logging > messages are intermingled with those coming from the vnet jail ipfw process. > And yes Anders Hagman did confirm this per the link you provided. Again, exactly so. Anders used different rule numbers on host and jail which made following the log easier, but your example log is followable. > > Since you set verbose_limit=0, you shouldn't expect to see anything from > > ipfw in /var/log/messages, on either host or jail. > > I don't know how you can to that conclusion. verbose_limit is not mentioned > in this pr. You are incorrect. verbose_limit is not set for this pr test. Sigh. Paragraphs 4 and 5 of _this_ PR: # ran on the host # /root >sysctl net.inet.ip.fw.verbose net.inet.ip.fw.verbose: 1 # /root >sysctl net.inet.ip.fw.verbose_limit net.inet.ip.fw.verbose_limit: 0 > > Strange that there were not even normal bootup messages on the host? > > Thats because I deleted all content before running this test to make the > output simple. What purpose would showing boot messages serve? You may find tail(1) useful. Ian From owner-freebsd-ipfw@FreeBSD.ORG Sat May 25 00:04:40 2013 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id D39E0BA6 for ; Sat, 25 May 2013 00:04:40 +0000 (UTC) (envelope-from prvs=1857a6cbde=agave.spring@cadamericas.com) Received: from cadamericas.com (mail02.amotive.com [173.164.153.20]) by mx1.freebsd.org (Postfix) with ESMTP id B66FCAEC for ; Sat, 25 May 2013 00:04:40 +0000 (UTC) Received: from agave.cadamericas.com ([64.183.139.162]) by amotive.com (mail02.amotive.com) (MDaemon PRO v13.0.2) with ESMTP id md50002152436.msg; Fri, 24 May 2013 17:04:32 -0700 X-Spam-Processed: mail02.amotive.com, Fri, 24 May 2013 17:04:32 -0700 (not processed: message from trusted or authenticated source) X-MDRemoteIP: 64.183.139.162 X-Return-Path: prvs=1857a6cbde=agave.spring@cadamericas.com X-Envelope-From: agave.spring@cadamericas.com X-MDaemon-Deliver-To: freebsd-ipfw@freebsd.org Date: Fri, 24 May 2013 17:03:11 -0700 To: freebsd-ipfw From: CAD Americas Subject: Build Your Electrical Cad Design Skill Set Message-ID: X-Priority: 3 X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/) X-CampTrackID: 22fe538f-c374-1ade-3958-519fffed7834 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: CAD Americas List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 May 2013 00:04:40 -0000 TIME IS RUNNING OUT! Register for CAD Americas Training Days by MAY 7 and S= AVE!=0ACAD AMERICAS TRAINING DAYS ARRIVE IN YOUR AREA SOON Join us for this= one-day training event in your area. Whether your focus is Mechanical Desi= gn, Construction, BIM, Electrical Design or Plant Design, there will be ses= sions that will improve your productivity immediately!=0AJune 4June 6June 7= June 12June 13June 26 June 27=0A Cleveland Cincinnati Detroit Atlanta D= allas San Jose San_Bernardino =0ATAKE HOME NEW TOOLS AND TECHNIQUES THAT = WILL IMPROVE YOUR PERFORMANCE IMMEDIATELY=0A=0A=0A=0A=0ALynn AllenTechnical= Evangelist More =0ARobert GreenCAD Mgmt Expert More =0ASteve SchainAutoCAD= Expert More =0ATod StephensRevit Expert More =0AClick here to see current = session descriptions.Please note that sessions will vary by location =0ALea= rn from well-known industry instructors who will share best practices and t= rends, product tips and tricks, new features =E2=80=A6 and more.=0AImprove = your productivity with new techniques that you can put to work right away.= =0AMeet your peers and exchange ideas on how to best use the CAD tools you = have to meet the demands of your job.=0ATake a closer look at services and = technologies offered by resellers in your area.=0AREGISTER BY MAY 7TH AND S= AVERegister for=C2=A0a CAD Americas Training Day by May 7th and save.=0AEar= ly Bird Rate: $150 (Until May 7th)=0AStandard Rate: $195 (AFTER May 7th)=0A= Student/Faculty Rate: $95 (must present current student ID upon check-in at= registration)=0AREGISTER FOR CAD AMERICAS TRAINING TODAY!=0A=0A=0A=0A=0AJo= in us at=0A=0A=0A=0A=0A=0A=0A=0A=0A=0A=0A=0A=C2=A0INTERNATIONAL SPONSORS=0A= =0A=0A=C2=A0=C2=A0 =C2=A0=C2=A0 =0A=0AEDUCATION SPONSOR=0A=0A=0AMEDIA SPONS= ORS=0A=0A=C2=A0=0AThis email was sent to email address: freebsd-ipfw@freebs= d.org Click here to Opt-Out=0A