Date: Fri, 22 Oct 1999 10:06:14 -0700 (PDT)
From: daniel B <danielb@pacex.net>
To: Doug Barton <Doug@gorean.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw dny ip from any to any
Message-ID: <Pine.BSF.4.10.9910220959180.20681-100000@almazs.pacex.net>
In-Reply-To: <Pine.BSF.4.10.9910211342160.51282-100000@dt050n71.san.rr.com>

> > I want to log all denied packets in ipfw and I used
> > 65534 add deny log all from any to any
> > this should 'bypass' the last rule
> > 65535 deny all from any to any
> >
> > but it doesn't! I still see denied packets on the last rule when I do
> > ipfw sh
> >
> > What to do now?
>
> I bet that the amount of packets is always constant, right? Try
> doing 'ipfw -a l' once a day for a few days. The number should always be
> the same. This represents the number of packets that cross the interface
> before your firewall rules are loaded by the init process.
>
> If it turns out that the number does grow, then we have a bug
> somewhere and we need to track it down.
>
> Good luck,

Well NO LUCK yet!
I also tried this:

$fwcmd add 65532 deny log tcp from any to any
$fwcmd add 65533 deny log udp from any to any
$fwcmd add 65534 deny log icmp from any to any

and the last rule by default is:
65535 deny all from any to any

and I still see denied packets logged under the last rule.
I reloaded my firewall rules and even rebooted!

Huh!

Dan