[FUGSPBR] log do ipf

Alvicler Magalhaes calvin em dq.ufscar.br
Ter Set 18 17:15:59 BRT 2001


Veja abaixo o arquivo /sys/i386/conf/LINT
Coloca o IPFILTER_LOG e depois da uma lida no man
acho que
touch /var/log/ipfw ja deve resolver depois de configurar seu kernel.


#
# Internet family options:
#
# TCP_COMPAT_42 causes the TCP code to emulate certain bugs present in
# 4.2BSD.  This option should not be used unless you have a 4.2BSD
# machine and TCP connections fail.
#
# MROUTING enables the kernel multicast packet forwarder, which works
# with mrouted(8).
#
# IPFIREWALL enables support for IP firewall construction, in
# conjunction with the `ipfw' program.  IPFIREWALL_VERBOSE sends
# logged packets to the system logger.  IPFIREWALL_VERBOSE_LIMIT
# limits the number of times a matching entry can be logged.
#
# WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
# and if you do not add other rules during startup to allow access,
# YOU WILL LOCK YOURSELF OUT.  It is suggested that you set firewall_type=open
# in /etc/rc.conf when first enabling this feature, then refining the
# firewall rules in /etc/rc.firewall after you've tested that the new kernel
# feature works properly.
#
# IPFIREWALL_DEFAULT_TO_ACCEPT causes the default rule (at boot) to
# allow everything.  Use with care, if a cracker can crash your
# firewall machine, they can get to your protected machines.  However,
# if you are using it as an as-needed filter for specific problems as
# they arise, then this may be for you.  Changing the default to 'allow'# out of sync.
#
# IPDIVERT enables the divert IP sockets, used by ``ipfw divert''
#
# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding
# packets without touching the ttl).  This can be useful to hide firewalls
# from traceroute and similar tools.
#
# TCPDEBUG is undocumented.
#
options         TCP_COMPAT_42           #emulate 4.2BSD TCP bugs
options         MROUTING                # Multicast routing
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
                                        # dropped packets
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPV6FIREWALL            #firewall for IPv6
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_VERBOSE_LIMIT=100
options         IPV6FIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT                #divert sockets
options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
__________^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
options         IPSTEALTH               #support for stealth forwarding
options         TCPDEBUG
# means that you won't get stuck if the kernel and /sbin/ipfw binary get


[]s
calvin



"Alessandro O. Ungaro" wrote:

> Galera,
>
> como faco pro ipf fazer um log (por exemplo) de todas as tentativas de acesso pa porta bloqueada 21?
>
> ####
> block in quick on rl0 from any to any port = 21
> ####
>
> e onde esse log ficarah guardado?
>
> t+
>
> Alessandro
> ----
> Para sair da lista envie um e-mail para majordomo em fugspbr.org
> com as palavras "unsubscribe fugspbr" no corpo da mensagem.

--
Labor, n.:
        One of the processes by which A acquires property for B.
                -- Ambrose Bierce, "The Devil's Dictionary"


-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://www.fug.com.br/pipermail/freebsd/attachments/20010918/0e13ae41/attachment.html>


Mais detalhes sobre a lista de discussão freebsd