Displaying 12 results from an estimated 12 matches for "logamount".
Did you mean:
localmount
2005 Feb 22
1
periodic/security/550.ipfwlimit
550.ipfwlimit check in /etc/periodic/security takes into account only
global/default verbosity limit and does not account for a specific
logging limit set for a particular rule e.g.:
$ ipfw -a l | fgrep log
65000 *521* 41764 deny log logamount *1000* ip from any to any
$ sysctl -n net.inet.ip.fw.verbose_limit
*100*
>From security run output:
ipfw log limit reached:
65000 519 41672 deny log logamount 1000 ip from any to any
--
Andriy Gapon
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2007 Dec 24
0
Fwd: Re: IPFW: Blocking me out. How to debug?
...les will match this one and hence
>> > be logged and denied. Is this not correct?
>>
>>That's correct. Aren't you seeing any? Try show rather than tell.
>
>Showing:
>
># ipfw -a -S -N -t list
>00100 688 173384 Thu Dec 20 15:32:17 2007 set 0 allow log logamount
> 10 ip from any to any via lo0
>00200 0 0 set 0 deny log logamount 10
> ip from any to 127.0.0.0/8
>00300 0 0 set 0 deny log logamount 10
> ip from 127.0.0.0/8 to any
>00400 4344 1712050 Fri Dec 21 00:23:37 2007 se...
2007 Dec 20
1
IPFW: Blocking me out. How to debug?
Dear W.D.
Do you understand that by adding the rules into kernel space numbered from zero to sixty five thousand five hundred thirty four
you may alter the behavior of the rule number sixty five thousand five hundred thirty five
can you please define and list the goals you are trying to achieve by altering default rule in the terms you can both explain and understand.
----- Original Message
2005 Nov 22
2
ipfw check-state issue
...om any to any dst-port 138 in via vr0
01322 4 192 deny tcp from any to any dst-port 139 in via vr0
01323 3 144 deny tcp from any to any dst-port 81 in via vr0
01330 0 0 deny ip from any to any frag in via vr0
01350 362 71038 deny tcp from any to any established in via vr0
01400 2879 346276 deny log logamount 10 ip from any to any in via vr0
01450 0 0 deny log logamount 10 ip from any to any out via vr0
01800 8049 1944267 divert 8668 ip from any to any out via vr0
01801 14676 5695755 allow ip from any to any
01999 0 0 deny log logamount 10 ip from any to any
65535 758 727615 deny ip from any to any
pl...
2007 Dec 13
3
IPFW compiled in kernel: Where is it reading the config?
Hi peeps,
After compiling ipfw into the new 6.2 kernel, and typing "ipfw list",
all I get is:
"65535 deny ip from any to any"
From reading the docs, this might indicate that this is the
default rule. (I am certainly protected this way--but can't
be very productive ;^) )
By the way, when I run "man ipfw" I get nothing. Using this
instead:
2008 Dec 04
1
rc.firewall: default loopback rules are set up even for custom file
...ee in releng/7 something that I did not see
in releng/6 - even if I use a file with custom rules in firewall_type I
still get default loopback rules installed.
I think that this is not correct, I am using custom rules exactly
because I want to control *everything* (e.g. all deny rules come with
log logamount xxx).
--
Andriy Gapon
2005 Feb 23
0
Fw-up: Re: periodic/security/550.ipfwlimit - diff for RELENG-5]
...39;^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
- awk -v limit="$IPFW_LOG_LIMIT" \
- '{if ($2 > limit) {print $0}}' > ${TMP}
+ ipfw -a l | grep " log " \
+ | \
+ awk -v limit="$IPFW_LOG_LIMIT" -v logamount=$6 \
+ '{if ($5 == "logamount") {if ($2 > logamount) {print $0} } else { if ($2 > limit) {print $0} } }' > ${TMP}
if [ -s "${TMP}" ]; then
rc=1
echo ""
=============================>8========...
2005 Aug 21
1
Security warning with sshd
In my recent security email, I got the following errors:
cantona.dnswatchdog.com login failures:
Aug 20 02:37:19 cantona sshd[9444]: fatal: Write failed: Operation not permitted
Aug 20 04:30:42 cantona sshd[16142]: fatal: Write failed: Operation
not permitted
Aug 20 21:21:51 cantona sshd[45716]: fatal: Write failed: Operation
not permitted
So three questions: What is it? Should I be worried?
2004 Jul 28
3
Ipfw config
...mp; Log all setup of tcp incoming connections from the outside ##
add 00770 deny log tcp from any to any setup in via bge0
## Reject all port 80 http packets that fall through to here ##
add 00780 deny tcp from any to any 80 out via bge0
## Everything else is denied by default ##
add 00790 deny log logamount 500 all from any to any
Thanks
Nick
2004 Feb 11
1
Kernel log output meaning
...201 to 200 packets per second
[...]
where fxp0 is an external interface.
What could involve such a messages?
In /var/log/messages the above strings was prepended by string:
Feb 10 13:24:29 gw /kernel: ipfw: limit 100 reached on entry 10800
current ipfw #10800 entry says:
10800 1204 52976 deny log logamount 100 ip from any to 172.16.0.0/12 via fxp0
/var/log/security at this time shows many strings looking like this:
Feb 10 13:24:29 gw /kernel: ipfw: 10800 Deny TCP 11.22.33.44:1376 172.29.249.249:7 out via fxp0
11.22.33.44 is my fxp0 iface address.
I do not think I have tried to initiate such a conn...
2004 Apr 15
2
Policy routing with IPFW
Hi There,
I've been having an issue trying to figure out a way to policy route
outbound packets from a multihomed machine through the proper interface
using IPFW to no avail.
I've tried several different incantations of IPFW fwd/forward
statements, and none of them seem to do the trick.
Basically, I have a host that has multiple Internet connections. This
host is running FreeBSD 4.9