Date:      Mon, 21 Mar 2016 17:39:07 -0400
From:      Chris Jordan <cwjordandt@gmail.com>
To:        freebsd-doc@freebsd.org
Subject:   Re: Handbook section 29.4.1 Enabling IPFW
Message-ID:  <CAPOquS-4dFamzx4XKK6WrPEgnCYrxXxUaC=dK29wWa41Kwpmzw@mail.gmail.com>
In-Reply-To: <1458577873.3661.20.camel@canodus.be>
References:  <CAPOquS8BoY5T_a6Nd0Opg-wQ-QoNV=UCBKySbmWAPLto3NiojQ@mail.gmail.com> <1458577873.3661.20.camel@canodus.be>

On Mon, Mar 21, 2016 at 12:31 PM, Wout Decré <wout@canodus.be> wrote:

> On Mon, 2016-03-21 at 11:38 -0400, Chris Jordan wrote:
> > I'm coming back to FreeBSD after many years away and I am setting up a
> > new system with 10-2-release.
> >
> > I was reading through Handbook section 29.4.1 "Enabling IPFW" and it
> > says: "To enable logging, include this line in
> > /etc/rc.conf: firewall_logging="YES"".  That didn't seem to work for me,
> > so I went looking through /etc/rc.firewall, and found it's looking for a
> > line like "firewall_logdeny="YES" instead, but it's only checking for that
> > for the case where firewall_type="workstation".
>
> IPFW logging is enabled in /etc/rc.d/ipfw:
>
> if checkyesno firewall_logging; then
>   echo 'Firewall logging enabled.'
>   sysctl net.inet.ip.fw.verbose=1 >/dev/null
> fi
>
> Should work putting firewall_logging="YES" in rc.conf. By default, logs
> are written to /var/log/security.
>
Ah, I see, thanks.  The difference is that when I set
"firewall_logdeny="YES"" in rc.conf, then /etc/rc.firewall both sets
net.inet.ip.fw.verbose=1 and sets a firewall rule for "65500 deny log
logamount 500 ip from any to any", while if I set "firewall_logging="YES""
then the firewall rule is "65500 deny ip from any to any" so nothing gets
logged.  I suppose it's not a problem if you're modifying /etc/rc.firewall
to set your own rules anyway, but in the simple case it's a bit unclear.
I've only tried it where "firewall_type="workstation""; the other
firewall_types appear to have different default logging behavior.

Chris Jordan
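The thread shows that two separate things must both be true before a denied packet shows up in /var/log/security: net.inet.ip.fw.verbose must be 1, and the catch-all deny rule must carry the "log" keyword. The script below is an added example (not code from the thread, the Handbook, or FreeBSD's rc scripts) that checks both conditions from an `ipfw list` ruleset and predicts the outcome from an rc.conf fragment. The sample rulesets and rc.conf fragments are constructed to match what Chris reports; the `is_yes` helper is assumed to mirror rc.subr's checkyesno semantics, and only firewall_type="workstation" is modelled, since that is the only type the thread covers.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD's rc scripts.
# Two conditions must hold for denied packets to reach /var/log/security:
#   1. net.inet.ip.fw.verbose is 1 (rc.d/ipfw sets it for firewall_logging="YES")
#   2. the catch-all deny rule has "log" (rc.firewall adds it for
#      firewall_logdeny="YES" when firewall_type="workstation")
# Rulesets and rc.conf fragments are passed as strings so this runs offline;
# on a live host feed it `ipfw list` and `sysctl -n net.inet.ip.fw.verbose`.

# Constructed sample: the ruleset the thread reports for firewall_logging="YES" only.
RULES_NOLOG='00100 allow ip from any to any via lo0
65500 deny ip from any to any
65535 deny ip from any to any'

# Constructed sample: the ruleset the thread reports for firewall_logdeny="YES".
RULES_LOG='00100 allow ip from any to any via lo0
65500 deny log logamount 500 ip from any to any
65535 deny ip from any to any'

# deny_rules_log RULESET
# Returns 0 when every deny rule, other than the kernel's fixed default rule
# 65535 (which cannot carry "log"), has "log" directly after the action.
deny_rules_log() {
    printf '%s\n' "$1" | awk '
        $1 == "65535" { next }
        $2 == "deny" && $3 != "log" { missing++ }
        END { exit (missing > 0) ? 1 : 0 }'
}

# logging_active VERBOSE RULESET
# Returns 0 only when both conditions hold; reports the missing one on stderr.
logging_active() {
    rc=0
    if [ "$1" != "1" ]; then
        echo "net.inet.ip.fw.verbose is '$1', so ipfw will not log at all" >&2
        rc=1
    fi
    if ! deny_rules_log "$2"; then
        echo "a deny rule lacks the 'log' keyword, so denied packets are not logged" >&2
        rc=1
    fi
    return $rc
}

# rcconf_value CONF VAR -> last value assigned to VAR in CONF, quotes stripped.
rcconf_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" | tail -n 1
}

# is_yes VALUE: assumed to mirror rc.subr's checkyesno (yes/true/on/1, any case).
is_yes() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes|true|on|1) return 0 ;;
        *) return 1 ;;
    esac
}

# rcconf_logs_denies CONF
# Predicts from an rc.conf fragment whether the stock rc.firewall ruleset will
# log denied packets. Only firewall_type="workstation" is modelled, because
# that is the only type the thread reports on.
rcconf_logs_denies() {
    fwtype=$(rcconf_value "$1" firewall_type)
    if [ "$fwtype" != "workstation" ]; then
        echo "firewall_type=\"$fwtype\": logging behaviour not modelled here" >&2
        return 2
    fi
    # firewall_logdeny="YES" sets verbose=1 and installs the logging deny rule;
    # firewall_logging="YES" alone only sets verbose=1 (rule 65500 has no "log").
    if is_yes "$(rcconf_value "$1" firewall_logdeny)"; then
        return 0
    fi
    if is_yes "$(rcconf_value "$1" firewall_logging)"; then
        echo "firewall_logging=\"YES\" sets verbose=1 but the deny rule has no 'log'" >&2
    fi
    return 1
}

# Constructed rc.conf fragments matching the two cases in the thread.
CONF_LOGGING_ONLY='firewall_enable="YES"
firewall_type="workstation"
firewall_logging="YES"'

CONF_LOGDENY='firewall_enable="YES"
firewall_type="workstation"
firewall_logdeny="YES"'

# Stand-alone run: report both cases.
for conf in "$CONF_LOGGING_ONLY" "$CONF_LOGDENY"; do
    if rcconf_logs_denies "$conf"; then
        echo "rc.conf fragment: denied packets WILL be logged"
    else
        echo "rc.conf fragment: denied packets will NOT be logged"
    fi
done
```

On a real host the same functions apply to live data, for example `logging_active "$(sysctl -n net.inet.ip.fw.verbose)" "$(ipfw list)"`; the ruleset check is the more trustworthy of the two, because it inspects what is actually loaded rather than what rc.conf was supposed to produce.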


