10.4: Log firewall messages with custom configurations (Network)
Tiger only hint

Under Tiger, this previous hint, which set up a custom ipfw configuration that writes its log entries to /var/log/ipfw.log, no longer works: it seems that program blocks inside syslog.conf are ignored.

The workaround is a small change to the script you use to launch ipfw at startup (if you are running a custom firewall configuration, you know which script that is and where it lives). The changes are to set the net.inet.ip.fw.verbose sysctl to 2 and to launch the ipfwloggerd daemon, which takes over writing the firewall log messages.

This is the code that accomplishes the goal (some details may vary, depending on your setup):
# enable kernel firewall logging (2 = log matches and include details)
/usr/sbin/sysctl -w net.inet.ip.fw.verbose=2
# per-rule cap on logged matches (0 = unlimited; see the comment below)
/usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=0
# start the daemon that writes firewall log messages to /var/log/ipfw.log
/usr/libexec/ipfwloggerd
# clear the current ruleset and load the custom one
/sbin/ipfw -q flush
/sbin/ipfw -q /etc/ipfw.conf
[robg adds: I haven't tested this one...]
10.4: Log firewall messages with custom configurations
Authored by: JohnAlbin on Dec 19, '05 07:58:11PM

I was disappointed to see that program blocks are being ignored in 10.4's system.conf file. I was using them to separate out imapd, horde, bind, and other log entries from the main system.log.

This hint does what it claims, but I wouldn't use the second line /usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=0 because you are opening up your system to a DOS attack (Denial-Of-Service). A verbose_limit of 0 means you are turning off the limit of how many times the system will log a particular firewall rule; which means someone can fill up your hard drive simply by causing your system to write unlimited log messages. The default of 500 is sufficient.

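The following script is an added example, not code from the hint or its comment. It puts the startup steps from the hint and the verbose_limit caveat from the comment together: one function emits the startup commands while refusing a limit of 0, and a second function summarizes Deny entries per rule from log lines in /var/log/ipfw.log. The log line format ("ipfw: <rule> <action> <proto> <src>:<port> <dst>:<port> in|out via <iface>" and "ipfw: limit N reached on entry <rule>") is the FreeBSD ipfw format that Mac OS X 10.4 inherits and is an assumption here; the sample lines, hostname and addresses are constructed, and the functions only print, so nothing touches a live firewall.

```shell
#!/bin/sh
# Added example (not from the original hint). Builds the ipfw logging
# startup commands with a guarded verbose_limit and summarizes Deny
# entries from ipfw log lines. Assumed log format (FreeBSD ipfw style):
#   "... ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in|out via <iface>"
#   "... ipfw: limit <N> reached on entry <rule>"

IPFW_CONF=/etc/ipfw.conf   # path from the hint; adjust to your setup

# Print the commands the startup script should run. A verbose_limit of 0
# means unbounded per-rule logging, which the comment warns lets a remote
# host fill the disk, so it is refused; any positive value caps log writes
# per rule (500 is the default the comment mentions).
fw_logging_commands() {
    limit="${1:-500}"
    case "$limit" in
        ''|*[!0-9]*) echo "verbose_limit must be a positive integer" >&2; return 1 ;;
        0)           echo "refusing verbose_limit=0: unbounded per-rule logging" >&2; return 1 ;;
    esac
    echo "/usr/sbin/sysctl -w net.inet.ip.fw.verbose=2"
    echo "/usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=$limit"
    # start the logger only if it is not already running
    echo "ps ax | grep -q '[i]pfwloggerd' || /usr/libexec/ipfwloggerd"
    echo "/sbin/ipfw -q flush"
    echo "/sbin/ipfw -q $IPFW_CONF"
}

# Constructed sample lines in /var/log/ipfw.log format (not real traffic).
SAMPLE_LOG='Dec 19 19:58:11 mac ipfw: 65000 Deny TCP 203.0.113.7:41234 192.168.1.2:22 in via en0
Dec 19 19:58:12 mac ipfw: 65000 Deny TCP 203.0.113.7:41235 192.168.1.2:22 in via en0
Dec 19 19:58:13 mac ipfw: 65000 Deny TCP 203.0.113.7:41236 192.168.1.2:23 in via en0
Dec 19 19:58:14 mac ipfw: 02000 Allow TCP 192.168.1.2:51000 198.51.100.9:80 out via en0
Dec 19 19:58:15 mac ipfw: 12000 Deny UDP 203.0.113.9:5353 192.168.1.2:5353 in via en0
Dec 19 19:58:16 mac ipfw: limit 500 reached on entry 65000'

# Count Deny entries per rule number, most frequent first, as "rule count".
# A rule whose verbose_limit was hit is flagged, because from that point
# further matches on it are silently not logged (the log undercounts).
deny_summary() {
    printf '%s\n' "$SAMPLE_LOG" | awk '
        $5 == "ipfw:" && $7 == "Deny"  { deny[$6]++ }
        $5 == "ipfw:" && $6 == "limit" { capped[$NF] = $7 }
        END {
            for (r in deny) {
                note = (r in capped) ? " (limit " capped[r] " reached)" : ""
                printf "%s %d%s\n", r, deny[r], note
            }
        }' | sort -k2,2nr
}

# Usage: sh ipfw_log_example.sh show
if [ "${1:-}" = "show" ]; then
    fw_logging_commands 500
    deny_summary
fi
```

Run it with the argument show to print the startup commands (with verbose_limit=500) followed by the per-rule Deny counts for the constructed lines; pipe real lines from /var/log/ipfw.log into the awk program to get the same summary for your own machine.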