Bug 13818
| Summary: | `ipfw' doesn't grok "log" keyword | ||
|---|---|---|---|
| Product: | Base System | Reporter: | hohmuth <hohmuth> |
| Component: | bin | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 3.3-STABLE | ||
| Hardware: | Any | ||
| OS: | Any | ||
On Sun, 19 Sep 1999 hohmuth@inf.tu-dresden.de wrote: > Since I last cvsup'd and made world, `ipfw' doesn't grok anymore the > log keyword described in the manual. Previously, invoking `ipfw' like > this would have the desired effect: > > # ipfw add deny log tcp from any to any in via ppp0 setup > > Now, strangly, it prints: > > ipfw: sysctlbyname("net.inet.ip.fw.verbose_limit") Since my -Stable is newer than yours and working as advertised I suspect that when you rebuilt your kernel you modified or left out the VERBOSE_LIMIT option. Try this command: sysctl net.inet.ip.fw.verbose_limit and you should get a number. I suspect you will get nothing or zero. If so, as a temporary measure you can (as root) do: sysctl -w net.inet.ip.fw.verbose_limit=2000 You may also choose another value instead of 2000. Then if all works as it should try rebuilding your kernel with the appropriate firewall options from the LINT file. State Changed From-To: open->closed Pilot error. |
Since I last cvsup'd and made world, `ipfw' doesn't grok anymore the log keyword described in the manual. Previously, invoking `ipfw' like this would have the desired effect: # ipfw add deny log tcp from any to any in via ppp0 setup Now, strangly, it prints: ipfw: sysctlbyname("net.inet.ip.fw.verbose_limit") Also, when a rule containing the "log" keyword is in a command file, and `ipfw' is invoked like "ipfw commandfile", then reading the command file aborts at the line containing the "log" keyword, and all lines after that line are ignored. Fix: Workaround: Leave out the "log" keyword. How-To-Repeat: # ipfw add deny log tcp from any to any