ipfw logging to dmesg not /var/log/syslog

From: Randy Bush (randy@psg.com)
Date: 09/17/01


From: Randy Bush <randy@psg.com>
To: freebsd-security@freebsd.org
Date: Mon, 17 Sep 2001 06:33:54 -0700

why is ipfw's logging in dmesg as opposed to /var/log/security?
4.4-RC

[ some ip addresses changed ]

# ipfw show
00100 98 3528 allow ip from 42.666.32.0/24 to any
00200 101 3780 allow ip from 42.666.42.0/24 to any
00300 3 185 allow ip from 42.666.49.0/24 to any
00400 1 36 deny icmp from any to 666.42.0.3 icmptype 8
00500 1 36 deny icmp from any to 666.42.0.4 icmptype 8
00600 7886 2583885 deny log logamount 100 icmp from any to 666.42.0.39 icmptype 8
00700 7435873 932696758 allow ip from any to any
65535 28 1803 deny ip from any to any

# sysctl net.inet.ip.fw
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 30

# cat /var/log/security
#

-- from /etc/syslog.conf
# Log all security messages to a separate file.
security.* /var/log/security

# dmesg
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 202.138.24.6 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 202.138.24.6 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 195.138.133.10 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.25.76.130 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 203.166.26.98 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 211.188.128.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 149.239.191.1 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 63.123.132.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.150 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.9.161.92 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 146.83.188.5 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 63.123.132.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.150 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.9.161.92 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 146.83.188.5 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 63.123.132.2 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.150 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 212.9.161.92 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.147 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 209.16.20.148 666.42.0.39 in via fxp0
ipfw: 600 Deny ICMP:8.0 196.40.17.129 666.42.0.39 in via fxp0
