Date:      Tue, 22 Mar 2016 02:52:21 +0100
From:      Wout Decré <wout@canodus.be>
To:        Chris Jordan <cwjordandt@gmail.com>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: Handbook section 29.4.1 Enabling IPFW
Message-ID:  <1458611541.3549.9.camel@canodus.be>
In-Reply-To: <CAPOquS-4dFamzx4XKK6WrPEgnCYrxXxUaC=dK29wWa41Kwpmzw@mail.gmail.com>
References:  <CAPOquS8BoY5T_a6Nd0Opg-wQ-QoNV=UCBKySbmWAPLto3NiojQ@mail.gmail.com> <1458577873.3661.20.camel@canodus.be> <CAPOquS-4dFamzx4XKK6WrPEgnCYrxXxUaC=dK29wWa41Kwpmzw@mail.gmail.com>

On Mon, 2016-03-21 at 17:39 -0400, Chris Jordan wrote:
> On Mon, Mar 21, 2016 at 12:31 PM, Wout Decré <wout@canodus.be> wrote:
> 
> > On Mon, 2016-03-21 at 11:38 -0400, Chris Jordan wrote:
> > > I'm coming back to FreeBSD after many years away and I am setting up a
> > > new system with 10-2-release.
> > >
> > > I was reading through Handbook section 29.4.1 "Enabling IPFW" and it
> > > says: "To enable logging, include this line in
> > > /etc/rc.conf: firewall_logging="YES"". That didn't seem to work for me,
> > > so I went looking through /etc/rc.firewall, and found it's looking for a
> > > line like "firewall_logdeny="YES" instead, but it's only checking for that
> > > for the case where firewall_type="workstation".
> >
> > IPFW logging is enabled in /etc/rc.d/ipfw:
> >
> > if checkyesno firewall_logging; then
> >   echo 'Firewall logging enabled.'
> >   sysctl net.inet.ip.fw.verbose=1 >/dev/null
> > fi
> >
> > Should work putting firewall_logging="YES" in rc.conf. By default, logs
> > are written to /var/log/security.
> >
> >
> Ah, I see, thanks.  The difference is that when I set
> "firewall_logdeny="YES"" in rc.conf, then /etc/rc.firewall both sets
> net.inet.ip.fw.verbose=1 and sets a firewall rule for "65500 deny log
> logamount 500 ip from any to any", while if I set "firewall_logging="YES""
> then the firewall rule is "65500 deny ip from any to any" so nothing gets
> logged.  I suppose it's not a problem if you're modifying /etc/rc.firewall
> to set your own rules anyway, but in the simple case it's a bit unclear.
> I've only tried it where "firewall_type="workstation"", the other
> firewall_types appear to have different default logging behavior.

Yes, firewall_logdeny is used by the "workstation" type.
See /etc/defaults/rc.conf for other options as well.

I would suggest making use of these options instead of
modifying /etc/rc.firewall.

Or, make use of a custom script instead of the firewall types:

firewall_script="/etc/ipfw.rules"

You need to add the "log" keyword for IPFW to log an entry.

An example using a script is available in the Handbook.

Good luck

Wout

> 
> Chris Jordan
> _______________________________________________
> freebsd-doc@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-doc
> To unsubscribe, send any mail to "freebsd-doc-unsubscribe@freebsd.org"
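Putting Wout's suggestion together, here is an added example (it is not the Handbook's script and not code from anyone in this thread) of a custom firewall_script that carries the "log" keyword on every deny rule, so that firewall_logging="YES" actually produces entries in /var/log/security instead of the silent "65500 deny ip from any to any" Chris observed. The interface name em0, the rule numbers, the dry-run convention (IPFW=echo) and the helper names are assumptions made for the example.

```shell
#!/bin/sh
# Hypothetical /etc/ipfw.rules (added example, not the Handbook's script).
# Selected from /etc/rc.conf with:
#   firewall_enable="YES"
#   firewall_script="/etc/ipfw.rules"
#   firewall_logging="YES"   # /etc/rc.d/ipfw then sets net.inet.ip.fw.verbose=1
# verbose=1 only makes IPFW log rules that carry the "log" keyword, so every
# deny rule below has it; "logamount" caps entries per rule so a packet flood
# cannot fill /var/log/security.

ext_if="${ext_if:-em0}"        # assumed outside interface
IPFW="${IPFW:-/sbin/ipfw}"     # set IPFW=echo for a dry run

# Print the rule set, one "ipfw add" argument string per line.
gen_rules() {
    cat <<EOF
00100 allow ip from any to any via lo0
00200 deny log logamount 500 ip from any to 127.0.0.0/8
00300 deny log logamount 500 ip from 127.0.0.0/8 to any
00400 check-state
00500 allow tcp from me to any out via $ext_if setup keep-state
00600 allow udp from me to any out via $ext_if keep-state
00700 allow icmp from any to any icmptypes 0,3,8,11
00800 allow tcp from any to me 22 in via $ext_if setup keep-state
65500 deny log logamount 500 ip from any to any
EOF
}

# Number of deny rules WITHOUT "log": these drop silently even with
# verbose=1 (what the workstation type does to rule 65500 when
# firewall_logdeny is not set).
count_unlogged_denies() {
    gen_rules | awk '$2 == "deny" && $3 != "log" { n++ } END { print n + 0 }'
}

# Number of deny rules WITH "log".
count_logged_denies() {
    gen_rules | awk '$2 == "deny" && $3 == "log" { n++ } END { print n + 0 }'
}

# Flush the running set and load the rules above.  Stops at the first rule
# ipfw rejects; with IPFW=echo it only prints the ipfw invocations.
apply_rules() {
    "$IPFW" -q -f flush || return 1
    gen_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into words is intended
        "$IPFW" -q add $rule || exit 1
    done
}

# Refuse to load a set that would drop packets without leaving a trace.
if [ "$(count_unlogged_denies)" -ne 0 ]; then
    echo "ipfw.rules: deny rule without the 'log' keyword; not loading" >&2
    exit 1
fi

if [ -x "$IPFW" ] || [ "$IPFW" = echo ]; then
    apply_rules
else
    # No ipfw binary on this host (e.g. reviewing the script elsewhere):
    # just show what would be loaded.
    gen_rules
fi
```

On the FreeBSD host /etc/rc.d/ipfw runs the script for you; to preview it first, run `IPFW=echo sh /etc/ipfw.rules`. After loading, `sysctl net.inet.ip.fw.verbose` should read 1 and `ipfw show` should list the rules with their counters; denied packets then show up in /var/log/security via syslog's security facility.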
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1458611541.3549.9.camel>