[Bug 260609] rc.firewall options nologports but no logports ?
Date: Wed, 22 Dec 2021 14:12:10 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260609

            Bug ID: 260609
           Summary: rc.firewall options nologports but no logports ?
           Product: Base System
           Version: 13.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: conf
          Assignee: bugs@FreeBSD.org
          Reporter: belot.nicolas@gmail.com

Hello,

When configuring the firewall with type workstation, we can log nothing, all but max 500 logs, or all except some tcp/udp ports.

It's not possible to log some specific port except by using a firewall script, but that's a great loss in terms of configuration readability.

Is there a way to implement an rc variable firewall_logports or firewall_forcelogports and, for example, create rules accordingly

    if [ -n "${firewall_logports}" ] ; then
        sysctl net.inet.ip.fw.verbose=1 >/dev/null
        log="log logamount 500"    # The default of 100 is too low.
        for i in ${firewall_logports} ; do
            ${fwcmd} add deny $log ip from any to me $i in
        done
    fi

?

Best regards
Nicolas
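
A dry-run sketch of the rule generation proposed in the report above, as an added example that is not part of the original report or of FreeBSD's rc.firewall. The helper names gen_logport_rules and valid_portspec are hypothetical, the rules are printed instead of being passed to ${fwcmd}, and accepting only numeric ports or ranges is a choice made for this sketch.

```sh
#!/bin/sh
# Dry-run of the proposed firewall_logports handling: print the ipfw rule
# bodies that would be handed to ${fwcmd}, after checking every entry.
# Assumption: helper names and the numeric-only policy are illustrative.

# Accept one port (N) or one range (N-M), each within 1..65535.
valid_portspec() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;   # empty, stray chars, bad dashes
    esac
    lo=${1%-*}
    hi=${1#*-}
    # Length guard keeps the numeric tests below within integer range.
    [ "${#lo}" -le 5 ] && [ "${#hi}" -le 5 ] || return 1
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# $1: value of firewall_logports (space-separated, as written in rc.conf).
# Runs in a subshell so that "set -f" does not leak into the caller.
gen_logport_rules() (
    set -f                      # the list is split unquoted: disable globbing
    bad=0
    log="log logamount 500"     # same log option as in the report
    for i in $1; do
        if valid_portspec "$i"; then
            echo "add deny $log ip from any to me $i in"
        else
            echo "firewall_logports: rejected entry '$i'" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]            # non-zero status if any entry was rejected
)

# Constructed sample value; the last two entries are deliberately invalid.
gen_logport_rules "22 6000-6010 70000 22,80" ||
    echo "some entries were rejected" >&2
```

Checking each entry before it reaches the rule keeps a typo in rc.conf from silently changing what the loaded ruleset matches.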