ipfw firewall
Polytropon
freebsd at edvax.de
Sat Feb 17 23:25:30 UTC 2018
On Sat, 17 Feb 2018 17:17:36 -0500, Stari Karp wrote:
> Hi!
>
> I am using FreeBSD 11.1-RELEASE (amd64), single desktop computer. I try
> to set up an IPFW firewall and I am confused about logging settings.
> In /etc/rc.conf I have:
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_type="workstation"
> firewall_logdeny="YES"
> firewall_logging="YES"
>
> When I start the computer I get this about the firewall:
> ipfw2 (+ipv6) initialized, divert loadable, nat loadable, default to
> deny, logging disable
> In /var/log/security is: newsyslog[28503]: logfile first created
>
> How should I know if firewall works?

Easiest way: with an external test, for example with nmap.

> I had to use pf firewall and I had
> so many logs related to "igmp query v3".

You can set IPFW's default logging at kernel compile time
(example from an older system):

# Firewall, NAT
options DUMMYNET
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=500
options IPFILTER
options IPDIVERT

Today, those can probably be configured dynamically.
I don't know if there is a "kernel tunable" for those
settings, but there probably is.
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
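
An added example, not part of the original message or of FreeBSD's own scripts: a small sh check that compares the logging knobs from the rc.conf in the question with the runtime value of net.inet.ip.fw.verbose, the sysctl counterpart of the IPFIREWALL_VERBOSE kernel option (the sysctl name does not appear in the thread). The function names, verdict strings and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# rc_value FILE KEY: print the last value assigned to KEY in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for the spellings rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# ipfw_log_audit RCCONF VERBOSE: print a one-word verdict.
# VERBOSE is the runtime value of net.inet.ip.fw.verbose (0 = logging off).
# firewall_logdeny asks the stock "workstation" ruleset to log denied packets.
ipfw_log_audit() {
    rc=$1 verbose=$2
    is_yes "$(rc_value "$rc" firewall_enable)" || { echo "firewall-disabled"; return; }
    if ! is_yes "$(rc_value "$rc" firewall_logging)"; then
        echo "logging-not-requested"
    elif [ "$verbose" != "1" ]; then
        echo "logging-requested-but-verbose-off"
    elif ! is_yes "$(rc_value "$rc" firewall_logdeny)"; then
        echo "verbose-on-but-no-deny-log-rules"
    else
        echo "deny-logging-active"
    fi
}

# Constructed sample: the rc.conf lines from the question, checked against
# both possible runtime values of the verbose sysctl.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
firewall_quiet="YES"
firewall_type="workstation"
firewall_logdeny="YES"
firewall_logging="YES"
EOF
ipfw_log_audit "$sample" 0   # prints logging-requested-but-verbose-off
ipfw_log_audit "$sample" 1   # prints deny-logging-active
rm -f "$sample"
```

On a FreeBSD host, call it as `ipfw_log_audit /etc/rc.conf "$(sysctl -n net.inet.ip.fw.verbose)"`; once the verdict is deny-logging-active, an external scan such as the nmap test suggested above should produce entries in /var/log/security.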