author | manu <manu@FreeBSD.org> | 2018-03-02 15:17:42 +0000 |
---|---|---|
committer | manu <manu@FreeBSD.org> | 2018-03-02 15:17:42 +0000 |
commit | 532ce31b775d4979ac8c8953b460fd712426636a (patch) | |
tree | 6a69c7e92eef8b9ccec5a7597d59a8b952e9ea9c /share | |
parent | d2b8c34fb582c5955ba82dbaf207e79abdb14f8b (diff) | |
download | FreeBSD-src-532ce31b775d4979ac8c8953b460fd712426636a.zip FreeBSD-src-532ce31b775d4979ac8c8953b460fd712426636a.tar.gz |
MFC r320943-r320944, r321008, r321072, r321128
r320943:
Add ipfw_status command to etc/rc.d/ipfw
This is helpful when using service/conf management tools.
Sponsored-By: Gandi.net
r320944:
Add an rc.d script to setup a netflow export via ng_netflow
The default is to export netflow data on localhost on the netflow port.
ngtee is used to have the lowest overhead possible.
The ipfw ng hook is the netflow port (it can only be numeric)
Default is netflow version 5.
Sponsored-By: Gandi.net
Reviewed by: bapt (earlier version), olivier (earlier version)
r321008:
etc/rc.d: Only install ipfw_netflow if MK_IPFW and MK_NETGRAPH are defined
While here only install ipfw rc script if MK_IPFW is defined.
Reported by: ngie
r321072:
ipfw_netflow: add +ipfw_netflow_enable="NO" to defaults/rc.conf and document
usage in rc.conf(5)
Reported by: markj
Sponsored by: Gandi.net
r321128:
ipfw_netflow: Add support for FIB
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.
While here correct some value in rc.conf(5) to be int and not str.
Sponsored by: Gandi.net
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/rc.conf.5 | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 0ccfea4..13ec2b7 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -594,6 +594,44 @@ module if is also set to .Dq Li YES . .\" ------------------------------------------------------------------- +.It Va ipfw_netflow_enable +.Pq Vt bool +Setting this to +.Dq Li YES +will enable netflow logging via +.Xr ng_netflow 4 +.Pp +By default a ipfw rule is inserted and all packets are duplicated with +the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow +port using protocol version 5. +.It Va ipfw_netflow_hook +.Pq Vt int +netflow hook name, must be numerical +(default +.Pa 9995 ) . +.It Va ipfw_netflow_rule +.Pq Vt int +ipfw rule number +(default +.Pa 1000 ) . +.It Va ipfw_netflow_ip +.Pq Vt str +Destination server ip for receiving netflow data +(default +.Pa 127.0.0.1 ) . +.It Va ipfw_netflow_port +.Pq Vt int +Destination server port for receiving netflow data +(default +.Pa 9995 ) . +.It Va ipfw_netflow_version +.Pq Vt int +Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9. +.It Va ipfw_netflow_fib +.Pq Vt int +Only match packet in FIB +.Pa ipfw_netflow_fib +(default is undefined meaning all FIBs). .It Va natd_program .Pq Vt str Path to |
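Review bot: In the ipfw_netflow_enable entry, "all packets are duplicated" does not match a rule inserted at the default ipfw_netflow_rule of 1000. Packets that a lower-numbered rule already accepts or denies never reach the ngtee rule, so the text should say that only packets reaching ipfw_netflow_rule are exported and that the rule number decides coverage. In the same entry, the sentence ending in ".Xr ng_netflow 4" has no terminating period, and "a ipfw rule" should be "an ipfw rule". ipfw_netflow_hook is described as a "hook name" but typed int; "hook number" would agree with the type. ipfw_netflow_version is the only entry without a "(default ...)" clause, and its description is one long line, so break it and state the default as version 5 in the same form as the others. The defaults and the variable name in ipfw_netflow_fib are marked up with .Pa, which is the path macro; .Li for the literal values and .Va for ipfw_netflow_fib would be the matching macros.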