Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.4: Log firewall messages with custom configurations' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Log firewall messages with custom configurations
Authored by: JohnAlbin on Dec 19, '05 07:58:11PM

I was disappointed to see that program blocks are being ignored in 10.4's system.conf file. I was using them to seperate out imapd, horde, bind, and other log entries from the main system.log.

This hint does what it claims, but I woudn't use the second line /usr/sbin/sysctl -w net.inet.ip.fw.verbose_limit=0 because you are opening up your system to a DOS attack (Denial-Of-Service). A verbose_limit of 0 means you are turning off the limit of how many times the system will log a particular firewall rule; which means someone can fill up your hard drive simply by causing your system to write unlimited log messages. The default of 500 is sufficient.



[ Reply to This | # ]