I expected that if I log on a stateful firewall with a typical dynamic rule to allow ssh setup like:
ipfw add 4000 skipto 9000 log logamount 0 tcp from any to $oip ssh in recv $oif setup keep-state
that the setup match would be logged, the dynamic rule would be created, and I would see one log record every time there is a new ssh connect.
What I am observing is that the dynamic rule gets created for somehost to $oip on port 22 with the log element. So every packet that matches the dynamic rule is logged, not just the setup. Many many many packets.
Is there any way to prevent logging within the dynamic rules to get the behavior I expected?
Thanks!
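As an added example, not part of the original post or of the ipfw project, here is a small POSIX sh script that puts the rule as posted beside a reworked form and runs a simple lint over ruleset text. The reworked form rests on an assumption the thread does not confirm: that the dynamic entries created by keep-state carry the options of their parent rule, so moving `log` onto a separate `count` rule that matches only the `setup` packet leaves the keep-state rule itself unlogged. The `$oip` and `$oif` values are constructed placeholders standing in for the poster's variables, and `logamount 0` keeps the poster's setting (no cap on log lines for that rule).

```shell
#!/bin/sh
# Added example, not from the original post. Shows the posted rule beside a
# reworked one and lints ruleset text for rules that carry both `log` and
# `keep-state` (the combination the poster found logs every packet of a flow).
# Assumption, not confirmed by the thread: dynamic rules act with their parent
# rule's options, so `log` belongs on a separate setup-only `count` rule.

oip="${oip:-203.0.113.10}"   # constructed sample values, not the poster's
oif="${oif:-em0}"

# Ruleset as posted: `log` sits on the keep-state rule.
noisy_ruleset() {
    cat <<EOF
add 4000 skipto 9000 log logamount 0 tcp from any to $oip ssh in recv $oif setup keep-state
EOF
}

# Reworked ruleset: a `count log` rule sees only the SYN (because of `setup`),
# then the unlogged keep-state rule creates the dynamic entry and skips ahead.
quiet_ruleset() {
    cat <<EOF
add 3990 count log logamount 0 tcp from any to $oip ssh in recv $oif setup
add 4000 skipto 9000 tcp from any to $oip ssh in recv $oif setup keep-state
EOF
}

# Lint: read ipfw rule lines on stdin and print the number of every rule that
# combines `log` with `keep-state`. Exit 1 if any was found, 0 otherwise.
lint_ipfw_rules() {
    awk '
        /(^| )log( |$)/ && /(^| )keep-state( |$)/ {
            # the rule number is the token after "add"
            for (i = 1; i <= NF; i++) if ($i == "add") { print $(i+1); found = 1; break }
        }
        END { exit found ? 1 : 0 }
    '
}

# Stand-alone run: report on both rulesets. Nothing here touches a live
# firewall; the reworked rules can be saved to a file and loaded with ipfw.
echo "== ruleset as posted =="
noisy_ruleset | lint_ipfw_rules && echo "clean" \
    || echo "rule(s) above log every packet of the dynamic flows they create"
echo "== reworked ruleset =="
quiet_ruleset | lint_ipfw_rules && echo "clean" || echo "still noisy"
```

The lint is deliberately textual so it can be run over a saved ruleset before loading it; it only catches the `log` plus `keep-state` pattern from the post, not other ways a rule can generate per-packet log lines.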