RE: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?
Verbose limit is a sysctl knob now, you can display it to see current setting or change it without a reboot. Check your newsyslog.conf file to verify the rotate trigger is the same as you were using before.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rob
Sent: Sunday, July 04, 2004 12:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?

Hello,

I have one PC with updated kernel/world from June 25th, and another from June 10th, all with sources for STABLE. Both PCs have a firewall. Neither of the two seems to obey the verbose limit of 100 that I put in the kernel configuration file.

In the past, /var/log/secure used to rotate once a week or so, but now it does in less than 30 minutes due to the overwhelming amount of firewall logs.

The kernel configuration has the following lines related to the firewall:

    options IPDIVERT
    options IPFW2                         # version 2 IPFW
    options IPFIREWALL                    # firewall
    options IPFIREWALL_VERBOSE            # enable logging to syslogd(8)
    options IPFIREWALL_VERBOSE_LIMIT=100  # limit verbosity
    options IPFIREWALL_DEFAULT_TO_ACCEPT  # allow everything by default

and I have in /etc/make.conf:

    IPFW2=TRUE

Any idea what is going wrong here?

Thanks,
Rob.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?
Dan Pelleg wrote:
> I have a patch for that in kern/46080. Note I haven't tested it in a while
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/46080

So what I observed (security logfile gets flooded with ipfw2 logs) is actually a kind of bug. If so, I'd rather wait till the fix makes it into the official sources. If not, then I won't change my own sources.

Workaround for now could be to add a logamount statement to each of the logging rules of ipfw2. Right?

Thanks!

Regards,
Rob.

PS: does this problem also occur in CURRENT, which uses IPFW2 by default?
RE: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?
Adding a logamount option to each logging rule would be the long way workaround. Adding net.inet.ip.fw.verbose_limit=100 to /etc/sysctl.conf would be the short way.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rob
Sent: Sunday, July 04, 2004 8:15 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?

Dan Pelleg wrote:
> I have a patch for that in kern/46080. Note I haven't tested it in a while
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/46080

So what I observed (security logfile gets flooded with ipfw2 logs) is actually a kind of bug. If so, I'd rather wait till the fix makes it into the official sources. If not, then I won't change my own sources.

Workaround for now could be to add a logamount statement to each of the logging rules of ipfw2. Right?

Thanks!

Regards,
Rob.

PS: does this problem also occur in CURRENT, which uses IPFW2 by default?
Re: IPFIREWALL_VERBOSE_LIMIT ignored by recent kernel/world?
JJB wrote:
> Adding a logamount option to each logging rule would be the long way workaround. Adding net.inet.ip.fw.verbose_limit=100 to /etc/sysctl.conf would be the short way.

You're right with IPFW, but you missed Dan Pelleg's note that this seems not to work with IPFW2; for some reason IPFW2 ignores the verbose_limit setting in the kernel and defaults to net.inet.ip.fw.verbose_limit=0 when logamount is not there; so unlimited logging.

Adding logamount explicitly with each log rule will work around this bug for the moment.

NOTE: it only seems to affect IPFW2.

Rob.

Dan Pelleg wrote:
> I have a patch for that in kern/46080. Note I haven't tested it in a while
> http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/46080
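
Added example, not part of the thread and not written by any of its posters: a small sh filter for the workaround discussed above, which gives every ipfw rule that logs an explicit logamount when it has none. The rule-file layout (one rule per line, as passed to ipfw without the command name), the sample rules and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: audit and patch ipfw rule lines so that every "log"
# keyword carries an explicit "logamount", instead of relying on
# net.inet.ip.fw.verbose_limit.

# add_logamount LIMIT: rules on stdin, patched rules on stdout.
# Whitespace between tokens is normalised to single spaces.
add_logamount() {
    awk -v limit="$1" '
        NF == 0 || $1 ~ /^#/ { print; next }      # keep blanks and comment lines
        {
            out = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) {                  # trailing comment: copy the rest as is
                    for (; i <= NF; i++) out = out (out == "" ? "" : " ") $i
                    break
                }
                out = out (out == "" ? "" : " ") $i
                if ($i == "log" && $(i + 1) != "logamount")
                    out = out " logamount " limit
            }
            print out
        }'
}

# count_unlimited: number of rules on stdin that log without a logamount.
count_unlimited() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i == "log" && $(i + 1) != "logamount") { n++; break }
            }
        }
        END { print n + 0 }'
}

# Constructed sample ruleset (not taken from the thread).
SAMPLE_RULES='# constructed sample ruleset
add 100 allow ip from any to any via lo0
add 200 deny log tcp from any to any 23
add 300 deny log logamount 50 udp from any to any 137
add 65000 deny log ip from any to any'

echo "rules logging without logamount: $(printf '%s\n' "$SAMPLE_RULES" | count_unlimited)"
printf '%s\n' "$SAMPLE_RULES" | add_logamount 100
```

Rules that already state a logamount are left as they are, so the filter can be run repeatedly over the same file.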