Hi, All! I've make a small patch that add a rule action tracing feature to ipfw2.
http://butcher.heavennet.ru/patches/kernel/ipfw_trace/ This patch can be usefull when you have too many ipfw-rules. When some packets not pass ipfw - It is not easy to determine rule which block these packets. How to use: # ipfw add 1 count tag <SOME_TAG> <RULE_BODY> # sysctl net.inet.ip.fw.trace_tag=<SOME_TAG> # tail -f /var/log/security <SOME_TAG> - some tag number <RULE_BODY> - rule for matching needed packets What you think about that? -- WBR, Andrey V. Elsukov _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
