
syslog.conf.5: Fix ipfw deny example
Needs Review (Public)

Authored by jpb_jimby.name on Mar 23 2025, 6:01 PM.
Details

Summary

In this example, the comparison operator is "contains" which does a substring match, not a regular expression match.

PR: 285385

Diff Detail

Repository: rG FreeBSD src repository

Event Timeline

ziaee retitled this revision from "Fix ipfw example in syslog.conf.5" to "syslog.conf.5: Fix ipfw deny example". Apr 13 2025, 6:38 AM
ziaee edited the summary of this revision.
ziaee added a reviewer: firewall.

Hey Jim, following our discussion today, what's holding up this one is:

  1. The commit body needs an explanation why
  2. Then I need someone else who is familiar with ipfw to verify the syntax
  3. Then I need mhorne or carlavilla to approve it

Then I would be able to commit it.

This issue concerns "Property Based Filters" as described in syslog.conf(5).

The errant entry is:

# Log ipfw messages with "Deny" in the message body.
:msg, contains, ".*Deny.*"
*.* /var/log/ipfw.deny

In this example, the comparison operator is "contains" which does a substring match, not a regular expression match.
As shown, syslogd will not match an entry from ipfw with a rule such as:

02000 deny log tcp from 172.16.1.20 to me

because the log entry for this rule is:

Apr 13 11:58:06 external1 kernel: ipfw: 2000 Deny TCP 172.16.1.20:19569 172.16.1.10:23 in via em0

and the substring ".*Deny.*" does not appear.

However, by changing the Property Based Filter in syslog.conf to:

:msg, contains, "Deny"
*.* /var/log/ipfw.deny

and restarting syslog, subsequent denied TCP packets from 172.16.1.20 are logged as shown above.

Note that sysctl net.inet.ip.fw.verbose=1 must be set for ipfw to log to syslog.
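As an added example (not part of this review and not syslogd's code), the following Python model applies the syslog.conf(5) property-based filter comparisons (contains, isequal, startswith, regex, with the "!" and "icase_" prefixes) to a constructed log sample that includes the kernel line quoted above, so the substring-versus-regular-expression difference can be checked offline. The message_of() split is an assumed approximation of how syslogd derives the msg property.

```python
import re

# Constructed sample log (not from the review): the ipfw kernel line quoted
# above plus two lines that a "Deny" filter must not select.
SAMPLE_LOG = [
    "Apr 13 11:58:06 external1 kernel: ipfw: 2000 Deny TCP 172.16.1.20:19569 172.16.1.10:23 in via em0",
    "Apr 13 11:58:07 external1 kernel: ipfw: 100 Accept TCP 10.0.0.5:4000 172.16.1.10:22 in via em0",
    "Apr 13 11:58:08 external1 sshd[1234]: Accepted publickey for jim from 10.0.0.5",
]

# :property, [!][icase_]operation, "value"   (syslog.conf(5) filter line)
FILTER_LINE = re.compile(r'^:(\w+),\s*(!?)(icase_)?(\w+),\s*"(.*)"\s*$')

def parse_property_filter(line):
    """Split a property-based filter line into its parts."""
    m = FILTER_LINE.match(line)
    if not m:
        raise ValueError(f"not a property-based filter: {line!r}")
    prop, bang, icase, op, value = m.groups()
    return prop, bang == "!", icase is not None, op, value

def message_of(logline):
    """Assumed approximation of the 'msg' property: the text after the
    'MMM DD HH:MM:SS host prog:' prefix of a syslog line."""
    rest = logline.split(None, 4)[4]            # drop timestamp and hostname
    return rest.split(": ", 1)[1] if ": " in rest else rest

def filter_matches(filter_line, logline):
    """Evaluate the filter as syslog.conf(5) defines each operation:
    'contains' is a plain substring test; only 'regex' interprets the value."""
    prop, negate, icase, op, value = parse_property_filter(filter_line)
    if prop != "msg":
        raise NotImplementedError("only the msg property is modelled here")
    subject = message_of(logline)
    if op == "regex":
        hit = re.search(value, subject, re.IGNORECASE if icase else 0) is not None
    else:
        if icase:
            subject, value = subject.lower(), value.lower()
        hit = {"contains": value in subject,
               "isequal": subject == value,
               "startswith": subject.startswith(value)}[op]
    return hit != negate

def matching_lines(filter_line, lines=SAMPLE_LOG):
    """Return the sample lines the filter would route to its action line."""
    return [line for line in lines if filter_matches(filter_line, line)]
```

Running matching_lines() with the errant filter returns nothing, while the corrected "Deny" filter (or a regex operation with ".*Deny.*") selects the ipfw line.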

That makes sense! If you "Edit Revision" from top right corner of the webapp, you could put:

In this example, the comparison operator is "contains" which does a substring match, not a regular expression match.

Where I put the angle brackets, and then that becomes the commit message body. After, you can verify with (in a new branch) git arc patch -c D49461 && git show.

This is just waiting on another IPFW SME to confirm.