Add firewall_logging knob to enable/disablle events logging, disabled

by default. Needed mainly for ipfw kernel module to enable logging
disabled there.

8 files changed, 71 insertions, 0 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 9ce5d1d..f452696 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -46,6 +46,7 @@ firewall_enable="NO"		# Set to YES to enable firewall functionality
 firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
+firewall_logging="NO"           # Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
 natd_program="/sbin/natd"	# path to natd, if you want a different one.
 natd_enable="NO"                # Enable natd (if firewall_enable == YES).
diff --git a/etc/network.subr b/etc/network.subr
index dd60e89..a03e000 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index dd60e89..a03e000 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index dd60e89..a03e000 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index dd60e89..a03e000 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index dd60e89..a03e000 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index dd60e89..a03e000 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
diff --git a/etc/rc.network b/etc/rc.network
index dd60e89..a03e000 100644
--- a/etc/rc.network
+++ b/etc/rc.network
@@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;