Date:      Tue, 9 Sep 2003 13:22:18 +0100
From:      Wayne Pascoe <freebsd-questions@penguinpowered.org>
To:        John Birrell <jb@cimlogic.com.au>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Logging and IPFW
Message-ID:  <20030909122218.GA17321@marvin.penguinpowered.org>
In-Reply-To: <20030909114214.GC49415@freebsd1.cimlogic.com.au>
References:  <20030909113447.GB17219@marvin.penguinpowered.org> <20030909114214.GC49415@freebsd1.cimlogic.com.au>

On Tue, Sep 09, 2003 at 09:42:14PM +1000, John Birrell wrote:
> On Tue, Sep 09, 2003 at 12:34:47PM +0100, Wayne Pascoe wrote:
> > However, I am still not seeing anything in /var/log/messages when I
> > portscan the machine. The firewall appears to be working, as we receive
> > nothing back on the portscanning machine, but I would like logging
> > enabled. 
> 
> Have you added the 'log' keyword to your rules?
> 
> e.g:
> 
>         # Reject&Log all setup of incoming connections from the outside
>         ${fwcmd} add deny log tcp from any to any in via ${oif} setup
> 
> The log entries will be written to /var/log/security.

I tried changing the rc.firewall script so that the last line in the
CLIENT section read
${fwcmd} add 65535 deny ip from any to any log
but ipfw list still just showed
65535 deny ip from any to any log

Where should that rule with the log go in the list? Before the last
line?

Should I add a rule before 65535 that logs things?

Thanks,

-- 
Wayne Pascoe
'tis far easier to get forgiveness than it is to
get permission - probably someone famous,
but more often, my Dad.
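
The two problems with the rule tried in this message, as an added example that is not part of the original post: per ipfw(8), `log` must directly follow the action, and rule 65535 is the built-in default rule, which cannot be modified. The `lint_rule` helper and the sample rules are constructed for illustration, and the helper handles only single-word actions such as `deny`.

```shell
#!/bin/sh
# Added example: lint the text that follows ${fwcmd} in rc.firewall.
# Verdicts: ok, log-misplaced, no-log, default-rule, empty.

lint_rule() {
    set -f; set -- $1; set +f          # split into words without globbing
    if [ "$1" = "add" ]; then shift; fi
    if [ $# -eq 0 ]; then echo "empty"; return 0; fi
    case "$1" in
        65535) echo "default-rule"; return 0 ;;  # built-in rule, cannot be changed
        *[!0-9]*) ;;                             # no rule number: action is first
        *) shift ;;                              # drop the explicit rule number
    esac
    if [ $# -eq 0 ]; then echo "empty"; return 0; fi
    shift                                        # drop the single-word action
    # "log" is only valid as the word directly after the action.
    if [ "$1" = "log" ]; then echo "ok"; return 0; fi
    for w in "$@"; do
        if [ "$w" = "log" ]; then echo "log-misplaced"; return 0; fi
    done
    echo "no-log"
}

# Constructed sample rules: the one tried above, the form from the quoted
# reply (fxp0 stands in for ${oif}), and catch-all variants numbered 65000.
while IFS= read -r rule; do
    printf '%-14s %s\n' "$(lint_rule "$rule")" "$rule"
done <<'EOF'
add 65535 deny ip from any to any log
add deny log tcp from any to any in via fxp0 setup
add 65000 deny ip from any to any log
add 65000 deny log ip from any to any
add 65000 deny ip from any to any
EOF
```

A rule that lints as `ok` still writes log entries only when the `net.inet.ip.fw.verbose` sysctl is 1 or the kernel was built with `IPFIREWALL_VERBOSE`.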