Identifying traffic logged by ipfw
From: Ben Beuchler (insyte_at_emt-p.org)
Date: 04/16/04
Date: Fri, 16 Apr 2004 12:51:31 -0500
To: freebsd-questions@freebsd.org

I'm working on a new bridging firewall using ipfw on FBSD 5.1. The goal
is to default to closed with a few exceptions. To test my ruleset, I end
with this rule:

    add 420 allow log ip from any to any

The idea is that by watching the logs I could see what protocols I forgot
to create rules for. This is what I'm getting in the logs:

    Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2

I'm guessing this means it's matching non-IP traffic, but I couldn't find
any info to confirm this. Is there any sort of trick I could use to log
the entire packet? Since nothing about the source or destination was
logged, I don't have enough info to create a tcpdump filter. Perhaps some
sort of divert rule?

Thanks!

-Ben

--
Ben Beuchler                    There is no spoon.
insyte@emt-p.org                -- The Matrix