David A. Ranch <[EMAIL PROTECTED]> wrote:
>
> If you want to log all rejected/denied connections, put a "-o" at the
> end of all your deny/reject IPFWADM ruleset.  If you want to log all
> successful connections for specific connections, etc..  put a "-o" on
> them too!

Note that just adding a "-o" will cause every PACKET to get logged, not
every CONNECTION.  This will greatly increase the size of your logs.

If you want to do this kind of logging, you should have two rules in
place; one that logs the initial packet connection, and another that
continues the connection, but without logging.  Something like this:

    ipfwadm -F -a masq -S 192.168.1.0/24 -D 0/0 -P tcp -y -o
    ipfwadm -F -a masq -S 192.168.1.0/24 -D 0/0

Two things are important here.  One is that these rules are appended in
a particular order.  The other is that the logging applies only to
packets which begin TCP connections (using the "-y" option).  The second
rule is necessary to continue masquerading connections after they are
opened (they would no longer match the rule with the -y option).

The second rule does not have a "-P tcp" option, so that it will allow
other protocols, such as UDP or ICMP, to also be masqueraded, but
without logging.

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/      ||                       -- Charlie Brown
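To make the ordering argument concrete, here is an added example (not from the original post or from either author) that models ipfwadm's first-match forwarding chain in Python and runs the two rules above against a constructed packet stream. The Rule/Packet classes, the sample addresses and the "deny" default policy are assumptions made for illustration; the point it shows is that only the SYN packet of each TCP connection is logged when the rules are in the posted order, and that reversing them logs nothing because the catch-all rule matches first.

```python
"""Model of ipfwadm-style first-match forwarding rules.

Added example, not code from the original message: it simulates how the
two ipfwadm rules from the post behave on a constructed packet stream,
so the effect of rule order and of -y (SYN-only matching) is visible.
The Rule/Packet fields, addresses and default policy are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str                  # -S network
    dst: str                  # -D network
    proto: Optional[str]      # -P tcp/udp/icmp, or None for any protocol
    syn_only: bool = False    # -y : match only TCP packets that open a connection
    log: bool = False         # -o : log every matching packet
    target: str = "masq"      # -a masq : masquerade the packet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    syn: bool = False         # SYN set and ACK clear (connection-opening segment)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Apply the -S/-D/-P/-y tests of one rule to one packet."""
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.syn_only and not (pkt.proto == "tcp" and pkt.syn):
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> Tuple[str, bool]:
    """First matching rule wins, as in ipfwadm; returns (target, logged).

    Packets that match no rule fall through to the chain's default policy
    (assumed here to be deny) and are not logged.
    """
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.target, rule.log
    return default, False


# The two rules from the message, in the order they were appended:
#   ipfwadm -F -a masq -S 192.168.1.0/24 -D 0/0 -P tcp -y -o
#   ipfwadm -F -a masq -S 192.168.1.0/24 -D 0/0
RULESET = [
    Rule("192.168.1.0/24", "0.0.0.0/0", "tcp", syn_only=True, log=True),
    Rule("192.168.1.0/24", "0.0.0.0/0", None),
]

# Constructed packet stream (illustrative addresses): one TCP connection
# (SYN, then two data segments), one UDP DNS query, and one packet from a
# host outside the masqueraded network.
FLOW = [
    Packet("192.168.1.10", "198.51.100.5", "tcp", syn=True),
    Packet("192.168.1.10", "198.51.100.5", "tcp"),
    Packet("192.168.1.10", "198.51.100.5", "tcp"),
    Packet("192.168.1.10", "198.51.100.53", "udp"),
    Packet("10.0.0.5", "198.51.100.5", "tcp", syn=True),
]


def summarize(rules: List[Rule], flow: List[Packet], default: str = "deny") -> Tuple[int, int, int]:
    """Return (masqueraded, denied, logged) packet counts for a flow."""
    masq = denied = logged = 0
    for pkt in flow:
        target, log = evaluate(rules, pkt, default)
        if target == "masq":
            masq += 1
        else:
            denied += 1
        if log:
            logged += 1
    return masq, denied, logged


if __name__ == "__main__":
    for pkt in FLOW:
        print(pkt, "->", evaluate(RULESET, pkt))
    print("rules as posted:", summarize(RULESET, FLOW))
    print("rules reversed: ", summarize(list(reversed(RULESET)), FLOW))
```

Running it shows four masqueraded packets, one denied, and exactly one log entry (the SYN) with the rules in the posted order; swapping the two lines still masquerades the same four packets but logs none of them, which is the ordering mistake the message warns about.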