Changeset View
Changeset View
Standalone View
Standalone View
head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
| Show First 20 Lines • Show All 1,691 Lines • ▼ Show 20 Lines | <filename>/etc/ipfw.rules</filename>:</para> | ||||
| <screen>&prompt.root; <userinput>sysrc firewall_script="/etc/ipfw.rules"</userinput></screen> | <screen>&prompt.root; <userinput>sysrc firewall_script="/etc/ipfw.rules"</userinput></screen> | ||||
| <para>To enable logging through &man.syslogd.8;, include this | <para>To enable logging through &man.syslogd.8;, include this | ||||
| line:</para> | line:</para> | ||||
| <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen> | <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen> | ||||
| <warning> | |||||
| <para>Only firewall rules with the <option>log</option> option will | |||||
| be logged. The default rules do not include this option and it | |||||
| must be manually added. Therefor it is advisable that the default | |||||
| ruleset is edited for logging. In addition, log rotation may be | |||||
| desired if the logs are stored in a separate file.</para> | |||||
| </warning> | |||||
| <para>There is no <filename>/etc/rc.conf</filename> variable to | <para>There is no <filename>/etc/rc.conf</filename> variable to | ||||
| set logging limits. To limit the number of times a rule is | set logging limits. To limit the number of times a rule is | ||||
| logged per connection attempt, specify the number using this | logged per connection attempt, specify the number using this | ||||
| line in <filename>/etc/sysctl.conf</filename>:</para> | line in <filename>/etc/sysctl.conf</filename>:</para> | ||||
| <screen>&prompt.root; <userinput>sysrc -f /etc/sysctl.conf net.inet.ip.fw.verbose_limit=<replaceable>5</replaceable></userinput></screen> | <screen>&prompt.root; <userinput>sysrc -f /etc/sysctl.conf net.inet.ip.fw.verbose_limit=<replaceable>5</replaceable></userinput></screen> | ||||
| <para>To enable logging through a dedicated interface named | <para>To enable logging through a dedicated interface named | ||||
| ▲ Show 20 Lines • Show All 2,078 Lines • Show Last 20 Lines | |||||