Date: Tue, 24 Oct 2006 14:53:27 +0400 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: freebsd-ipfw@freebsd.org Cc: Luigi Rizzo <rizzo@icir.org>, Oleg Bulyzhin <oleg@FreeBSD.org>, Julian Elischer <julian@elischer.org> Subject: ipfw tracing Message-ID: <453DF0A7.6030700@yandex.ru>
next in thread | raw e-mail | index | archive | help
Hi, All! I've make a small patch that add a rule action tracing feature to ipfw2. http://butcher.heavennet.ru/patches/kernel/ipfw_trace/ This patch can be usefull when you have too many ipfw-rules. When some packets not pass ipfw - It is not easy to determine rule which block these packets. How to use: # ipfw add 1 count tag <SOME_TAG> <RULE_BODY> # sysctl net.inet.ip.fw.trace_tag=<SOME_TAG> # tail -f /var/log/security <SOME_TAG> - some tag number <RULE_BODY> - rule for matching needed packets What you think about that? -- WBR, Andrey V. Elsukov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?453DF0A7.6030700>