Date:      Mon, 11 Aug 2003 15:40:54 -0700
From:      "Crist J. Clark" <cristjc@comcast.net>
To:        Redmond Militante <r-militante@northwestern.edu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: problems with ipfilter on 5.1-RELEASE
Message-ID:  <20030811224054.GC32225@blossom.cjclark.org>
In-Reply-To: <20030808064118.GA64362@darkpossum>
References:  <20030808064118.GA64362@darkpossum>

On Fri, Aug 08, 2003 at 01:41:18AM -0500, Redmond Militante wrote:
> hi all
> 
> i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter
> seems to be working fine. i just have a couple of issues that are
> probably not very serious...
> 
> one thing is that during network startup at boot, i get the message
> IPFilter: already initialized
> repeated 4 times.
> 
> i think i have everything configured properly
> 
> my kernel config looks like
> 
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> 
> my /etc/rc.conf looks like
> 
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipfilter_rules="/etc/ipfilter.rules"
> ipmon_enable="YES"
> ipmon_flags="-Dsvn"

IPFilter may be initialized when other network devices and services
are started and configured. This might be what you see. Can you
provide more of your rc.conf? At the very least, the other
networking-related variables.

> the other problem i have is that: it now seems that ipmon is logging to
> /var/log/messages. i've set up ipfilter successfully on many freebsd
> 4x boxes, but this is the first time i've tried to set it up on 5x.
> 
> in my /etc/syslog.conf i have
> 
> local0.* /var/log/firewall_logs
> *.notice;local0.none;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
> /var/log/messages

The default facility for IPFilter was changed to LOG_SECURITY,

  cvs diff -rRELENG_4 -rRELENG_5_1 src/contrib/ipfilter/Makefile
  Index: src/contrib/ipfilter/Makefile
  ===================================================================
  RCS file: /ncvs/src/contrib/ipfilter/Makefile,v
  retrieving revision 1.1.1.8.2.6
  retrieving revision 1.2
  diff -u -r1.1.1.8.2.6 -r1.2
  --- src/contrib/ipfilter/Makefile       1 Mar 2003 03:55:50 -0000       1.1.1.8.2.6
  +++ src/contrib/ipfilter/Makefile       5 Apr 2003 09:25:19 -0000       1.2
  @@ -3,6 +3,7 @@
   #
   # See the IPFILTER.LICENCE file for details on licencing.
   #
  +# $FreeBSD: src/contrib/ipfilter/Makefile,v 1.2 2003/04/05 09:25:19 darrenr Exp $
   # $Id: Makefile,v 2.11.2.15 2002/12/02 04:22:56 darrenr Exp $
   #
   BINDEST=/usr/local/bin
  @@ -29,7 +30,7 @@
   #
   # The facility you wish to log messages from ipmon to syslogd with.
   #
  -LOGFAC=-DLOGFAC=LOG_LOCAL0
  +LOGFAC=-DLOGFAC=LOG_SECURITY
 
   #
   # Uncomment the next 3 lines if you want to view the state table a la top(1)
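Review bot: Switching LOGFAC from LOG_LOCAL0 to LOG_SECURITY silently relocates ipmon output for every site whose syslog.conf routes local0.* to a firewall log, which is exactly the original poster's setup; with the stock syslog.conf sending *.notice to /var/log/messages and security.* to /var/log/security, and no matching syslog.conf edit, the messages then turn up in both files. The change should ship together with the corresponding /etc/syslog.conf update and an upgrade note telling administrators to re-point their local0.* rules at the security facility.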

You might want to,

  --- /export/freebsd/RELENG_5_1/src/etc/syslog.conf      Wed Apr 23 06:08:31 2003
  +++ syslog.conf Mon Aug 11 15:37:54 2003
  @@ -6,7 +6,7 @@
   #      may want to use only tabs as field separators here.
   #      Consult the syslog.conf(5) manpage.
   *.err;kern.debug;auth.notice;mail.crit         /dev/console
  -*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err  /var/log/messages
  +*.notice;authpriv,security.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
   security.*                                     /var/log/security
   auth.info;authpriv.info                                /var/log/auth.log
   mail.info                                      /var/log/maillog
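Review bot: `authpriv,security.none` is valid selector syntax (a comma-separated facility list sharing one priority), but since the parts of a line are applied left to right it has to stay after `*.notice` to override it; placed earlier, `*.notice` would re-enable security messages. Note also that `security.none` removes every message logged to the security facility from /var/log/messages, not only ipmon's, and it is the unchanged `security.*  /var/log/security` line below that keeps collecting them; if that target is renamed to firewall_logs as the text suggests, the new file has to be created with suitable permissions before syslogd is restarted, as syslogd will not create it.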

if you wish to stop messages going to /var/log/messages. They should already
be collecting in /var/log/security. You may wish to change that to
firewall_logs if the filename is important to you.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
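An added example, not code from this post or from FreeBSD: a small model of the syslog.conf(5) selector matching the diff above relies on, used to show where a security-facility message from ipmon lands with the stock 5.1 line versus the `authpriv,security.none` line. It assumes the BSD priority order, ignores the `=`, `!` and `>=` comparison flags, and treats the action column as a plain file path.

```python
# Added example (not from the post or FreeBSD). Assumptions: BSD priority
# order, no =/!/>= comparison flags, action column is a plain file path.

PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def effective_priority(selector, facility):
    """syslogd walks the ';'-separated parts left to right; the last part that
    names the facility (or '*') sets its threshold, so 'security.none' placed
    after '*.notice' switches the security facility off for that line."""
    threshold = None
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        if facs == "*" or facility in facs.split(","):
            threshold = prio
    return threshold

def selector_matches(selector, facility, priority):
    threshold = effective_priority(selector, facility)
    if threshold is None or threshold == "none":
        return False
    if threshold == "*":
        return True
    return PRIORITIES.index(priority) >= PRIORITIES.index(threshold)

def route(config, facility, priority):
    """Return the log files a message with this facility.priority is written to."""
    targets = []
    for line in config.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, priority):
            targets.append(action)
    return targets

# Constructed from the selectors quoted in the thread (tabs as separators).
STOCK_5_1 = (
    "*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages\n"
    "security.*\t/var/log/security\n"
    "local0.*\t/var/log/firewall_logs\n"
)
PATCHED_5_1 = STOCK_5_1.replace("authpriv.none", "authpriv,security.none")

if __name__ == "__main__":
    # ipmon logged to local0 on 4.x and logs to security on 5.1.
    print("4.x style, local0:", route(STOCK_5_1, "local0", "notice"))
    print("5.1 stock, security:", route(STOCK_5_1, "security", "notice"))
    print("5.1 patched, security:", route(PATCHED_5_1, "security", "notice"))
```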