search for: firewall_logging

hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options

...kernel: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=3 It is ipfw2. After that, my inten- tion was to use syslogd and !ipfw *.* /var/log/ipfw.log and newsyslog with /var/log/ipfw.log 600 3 100 * J In rc.conf I have firewall_enable="YES" firewall_logging="YES" Well! Firewall works, I have data with "ipfw show", but there is no log. My intentioned rule is add 65535 deny log all from any to any It should work, but is does not. What I am doing wrong? With no syslogd and newsyslog, log would be in "messages" file in /va...

...t;YES" sshd_enable="YES" firewall_enable="YES" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="OPEN" # Firewall type (see /etc/rc.firewall) firewall_logging="YES" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="YES" # Enable natd (if fir...

...' of /bootpool/boot drwxr-xr-x 2 root wheel 1.5K Nov 28 21:55 kernel/ This is my kernel file: include GENERIC ident theEleven options AUDIT options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=15 options DUMMYNET This is from rc.conf: firewall_enable="YES" firewall_logging="YES" firewall_script="/etc/myScript" firewall_quiet="NO" firewall_logif="YES" firewall_nat_enable="NO" Darrel

Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead: