search for: verbose_limit

...limit check in /etc/periodic/security takes into account only global/default verbosity limit and does not account for a specific logging limit set for a particular rule e.g.: $ ipfw -a l | fgrep log 65000 *521* 41764 deny log logamount *1000* ip from any to any $ sysctl -n net.inet.ip.fw.verbose_limit *100* >From security run output: ipfw log limit reached: 65000 519 41672 deny log logamount 1000 ip from any to any -- Andriy Gapon

Hi all! After installing 5.3 I've noticed some change in firewall logging. Prior (on 5.2) rules gave me what I needed: trimed to 3 of the same connection. Every new connection on the same rule gave new log line up to 3. I have in kernel: FIREWALL FIREWALL_VERBOSE FIREWALL_VERBOSE_LIMIT=3 Now, all connections on the same rule are trimed to 3. Is it possib- le on 5.3 to have all connections logged, but no more than 3 of the same? Just a little annoyance... I'd rather see what was blocked. New is even line: "ipfw: limit 3 reached on entry 1500" Can I do something to ha...

...*Handler Int 15 keepfaith RW *Handler Int 16 gifttl RW *Handler Int 100 subnets_are_local RW *Handler Int 101 fw RW Node 100 enable RW *Handler Int 101 one_pass RW *Handler Int 102 debug RW *Handler Int 103 verbose RW *Handler Int 104 verbose_limit RW *Handler Int 105 dyn_buckets RW *Handler Int 106 curr_dyn_buckets R *Handler Int 107 dyn_count R *Handler Int 108 dyn_max RW *Handler Int 109 static_count R *Handler Int 110 dyn_ack_lifetime RW *Handler Int 111 dyn_syn_lifetime RW *Handl...

...>8============================================================================================== --- 550.ipfwlimit Wed Feb 23 18:54:35 2005 +++ 550.ipfwlimit.new Wed Feb 23 19:19:19 2005 @@ -45,10 +45,10 @@ TMP=`mktemp -t security` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then - ipfw -a l | grep " log " | \ - grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \ - awk -v limit="$IPFW_LOG_LIMIT" \ - '{i...

Hi, Is there a security problem with ssh that I've missed??? Ik keep getting these hords of: Failed password for root from 69.242.5.195 port 39239 ssh2 with all kinds of different source addresses. They have a shot or 15 and then they are of again, but a little later on they're back and keep clogging my logs. Is there a "easy" way of getting these ip-numbers added to