diff options
author | ru <ru@FreeBSD.org> | 2001-02-22 09:12:44 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2001-02-22 09:12:44 +0000 |
commit | 9177fc64e9e5253241780984ee8a436013c9d04d (patch) | |
tree | acc8af31591f04b1cac950189cac631af2e85f1d /share/man/man4/ipfirewall.4 | |
parent | 2b6e7321066bfb61ca96180fa7544d984287595d (diff) | |
download | FreeBSD-src-9177fc64e9e5253241780984ee8a436013c9d04d.zip FreeBSD-src-9177fc64e9e5253241780984ee8a436013c9d04d.tar.gz |
Document that the IPFW messages are logged via syslogd(8).
Diffstat (limited to 'share/man/man4/ipfirewall.4')
-rw-r--r-- | share/man/man4/ipfirewall.4 | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/share/man/man4/ipfirewall.4 b/share/man/man4/ipfirewall.4 index 679d16f..63043e4 100644 --- a/share/man/man4/ipfirewall.4 +++ b/share/man/man4/ipfirewall.4 @@ -30,7 +30,7 @@ normally causes all packets to be dropped. Hence, any packet which does not match a lower numbered rule will be dropped. However, a kernel compile time option -.Dq IPFIREWALL_DEFAULT_TO_ACCEPT +.Dv IPFIREWALL_DEFAULT_TO_ACCEPT allows the administrator to change this fixed rule to permit everything. .Pp The value passed to @@ -118,14 +118,14 @@ than are skipped. .Ss Kernel Options Options in the kernel configuration file: -.Bl -tag -width "optionsXIPFIREWALL_VERBOSE_LIMIT" +.Bl -tag -width "options IPFIREWALL_VERBOSE_LIMIT" .It Cd options IPFIREWALL enable .Nm .It Cd options IPFIREWALL_VERBOSE -enable firewall output +enable firewall logging .It Cd options IPFIREWALL_VERBOSE_LIMIT -limit firewall output +limit firewall logging .It Cd options IPDIVERT enable .Xr divert 4 @@ -134,11 +134,19 @@ sockets .Pp When packets match a rule with the .Dv IP_FW_F_PRN -bit set, a message -is logged to the console if +bit set, and if .Dv IPFIREWALL_VERBOSE -has been enabled; -Dq IPFIREWALL_VERBOSE_LIMIT +has been enabled, +a message is written to +.Pa /dev/klog +with the +.Dv LOG_SECURITY +facility +(see +.Xr syslog 3 ) +for further logging by +.Xr syslogd 8 ; +.Dv IPFIREWALL_VERBOSE_LIMIT limits the maximum number of times each rule can cause a log message. These variables are also @@ -172,9 +180,9 @@ An invalid rule number was used. .Xr divert 4 , .Xr ip 4 , .Xr ipfw 8 , -.Xr sysctl 8 +.Xr sysctl 8 , +.Xr syslogd 8 .Sh BUGS -.Pp This man page still needs work. .Sh HISTORY The ipfw facility was initially written as package to BSDI |