IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?
Rob
stopspam at users.sourceforge.net
Sun Jul 4 06:00:14 PDT 2004
JJB wrote:
> Adding an "logamount" option to each logging rules would be to "long
> way work around".
> Adding net.inet.ip.fw.verbose_limit=100 to /etc/sysctl.conf would be
> the short way.
You're right with IPFW, but you missed Dan Pelleg's note that this seems
not to work with IPFW2; for some reason IPFW2 ignores the verbose_limit
setting in the kernel and defaults to "net.inet.ip.fw.verbose_limit=0"
when logamount is not there; so unlimited logging.
Adding logamount explicitly with each log rule, will work around this
bug for the moment.
NOTE: it only seems to affect IPFW2.
Rob.
>
> Dan Pelleg wrote:
>> I have a patch for that in kern/46080. Note I haven't tested it in
> a while
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/46080
More information about the freebsd-questions
mailing list