I am doing some network traffic debugging to configure IPFW rules, and I noticed strange behaviour when I enable the firewall_logging option.

I start my system and the configuration option is disabled:
Code:
odyssey # ~> grep firewal /etc/rc.conf
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logif="YES"
firewall_logging="NO"

I check it manually:
Code:
odyssey # ~> sysrc firewall_logging
firewall_logging: NO

My last IPFW (/etc/ipfw.rules) rule is:
Code:
$cmd 60000 deny log all from any to any

So I don't log any packets to syslog (/var/log/security), but I can sniff them using the ipfw0 interface.

I change the logging parameter to YES and restart the IPFW process:
Code:
odyssey # ~> sysrc firewall_logging=YES
firewall_logging: NO -> YES
Code:
odyssey # ~> service ipfw restart
Firewall rules loaded.
ifconfig: interface ipfw0 already exists
Firewall logging pseudo-interface (ipfw0) created.

In that way I log packets to syslog (/var/log/security):
Code:
May 15 12:51:24 odyssey kernel: ipfw: 60000 Deny TCP 192.168.69.4:36681 192.168.69.170:44 in via bge0

But if I disable it and restart the IPFW process, it continues logging:
Code:
odyssey # ~> sysrc firewall_logging=NO
firewall_logging: YES -> NO
Code:
odyssey # ~> service ipfw restart
Firewall rules loaded.
ifconfig: interface ipfw0 already exists
Firewall logging pseudo-interface (ipfw0) created.

It continues logging packet information:
Code:
May 15 12:52:45 odyssey kernel: ipfw: 60000 Deny TCP 192.168.69.4:32510 192.168.69.170:44 in via bge0

The only way to disable it is to set the parameter to NO and reboot the system.
Code:
odyssey # ~> sysrc firewall_logging=NO
firewall_logging: YES -> NO
Code:
odyssey # ~> shutdown -r now

Have I misunderstood anything? What am I doing wrong?

Best regards.
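
A check for the mismatch described in the post, as an added example that is not part of the original post: it compares the `firewall_logging` value in rc.conf with the live `net.inet.ip.fw.verbose` sysctl, which per ipfw(8) selects whether packets matching `log` rules go to syslog (1) or only to the ipfw0 interface (0). The function names and the `SYSRC`/`SYSCTL` override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare rc.conf's firewall_logging with the live kernel switch.
# Assumption: net.inet.ip.fw.verbose (see ipfw(8)) decides whether `log` rules
# reach syslog (1) or only the ipfw0 bpf interface (0).
# SYSRC and SYSCTL are hypothetical override hooks so the check can be stubbed.
: "${SYSRC:=sysrc}"
: "${SYSCTL:=sysctl}"

# Map an rc.conf boolean (YES/TRUE/ON/1, any case) to the sysctl value it implies.
want_verbose() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Prints a one-line verdict.
# Returns 0 when config and kernel agree, 1 on drift, 2 if a value is unreadable.
logging_drift() {
    conf=$("$SYSRC" -n firewall_logging 2>/dev/null) || {
        echo "unknown: cannot read firewall_logging"
        return 2
    }
    live=$("$SYSCTL" -n net.inet.ip.fw.verbose 2>/dev/null) || {
        echo "unknown: cannot read net.inet.ip.fw.verbose"
        return 2
    }
    want=$(want_verbose "$conf")
    if [ "$want" = "$live" ]; then
        echo "in-sync: firewall_logging=$conf net.inet.ip.fw.verbose=$live"
        return 0
    fi
    echo "drift: firewall_logging=$conf but net.inet.ip.fw.verbose=$live"
    return 1
}
```

Call `logging_drift` as root on the FreeBSD host after `service ipfw restart`; the live value can be changed without a reboot using `sysctl net.inet.ip.fw.verbose=0`.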