Subject: Logging packets dropped by IPFW

Is there any way to generate log information
about the packets dropped by IPFW?  The 'log'
modifier doesn't seem to do anything ...

options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity

Thanks, Micheal. The manpage didn't mention that logging was a compile-time option; I'm recompiling now...

Took another very careful look at the manpage, and discovered that recompiling wasn't necessary after all:

# sysctl net.inet.ip.fw.verbose=1

suffices to turn it on.  The IPFIREWALL_VERBOSE
compile option just changes the default for this sysctl.
Make this permanent by adding the line:


to /etc/sysctl.conf.


