Hi,
I have a set of ipfwadm rules for a machine whose purpose is to accept
everything, but log certain packets that are accepted. I can't seem to
figure out why it isn't logging. Does anyone have any ideas?
Here is the script that sets up the ipfwadm rules:
#!/bin/sh
# Some definitions
IPFWADM="/sbin/ipfwadm"
# With mask 255.255.254.0 this covers 128.100.192.0 through 128.100.193.255;
# the kernel masks the address, so it is the same as 128.100.192.0/23.
LOCALHOST="128.100.193.0/255.255.254.0"
ANYWHERE="any/0"
UNPRIVPORTS="1024:65535"
# Flush any existing rules first, so that re-running this script does not
# pile a second copy of every rule on top of the first.
$IPFWADM -I -f
$IPFWADM -O -f
$IPFWADM -F -f
# The rules.  Rules in a chain are tried in order and the first match wins;
# the policy only applies to packets that match no rule at all.
# Default to deny
$IPFWADM -I -p deny
$IPFWADM -O -p deny
$IPFWADM -F -p deny
# First, unlimited outputs and forwards.
$IPFWADM -O -a accept -P tcp
$IPFWADM -O -a accept -P udp
$IPFWADM -O -a accept -P icmp
$IPFWADM -F -a accept -P tcp
$IPFWADM -F -a accept -P udp
$IPFWADM -F -a accept -P icmp
# Next, all things we don't log.  A port given after -S is a *source*
# port, so these match packets coming from that port (e.g. replies from a
# remote sshd), not new connections to that port on the local network.
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 113 -D $LOCALHOST
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 139 -D $LOCALHOST
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 22 -D $LOCALHOST
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 9999 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 520 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 138 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 137 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 68 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 67 -D $LOCALHOST
# Now log anything else that comes in and is destined for me.
# -o makes the kernel printk() every matching packet, which only happens
# if the kernel was built with CONFIG_IP_FIREWALL_VERBOSE; the messages
# then reach the log files via klogd/syslogd (look in dmesg first).
$IPFWADM -I -o -a accept -P tcp -D $LOCALHOST
$IPFWADM -I -o -a accept -P udp -D $LOCALHOST
# Don't bother to log icmp since we can't differentiate by type/code
$IPFWADM -I -a accept -P icmp
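As an added example (not part of the post above, and not the poster's code), here is a small Python script that does two things a practitioner would want while debugging this ruleset: it emulates the script's input chain (first match wins, falling through to the deny policy) so you can see which packets the -o rules would actually log, and it parses the "IP fw-in ..." lines the kernel emits for -o rules so that, once logging works, /var/log/messages can be summarised. The sample log lines are constructed for the example in the shape of those kernel messages; the exact field layout after the address pairs is assumed, and only the leading fields and the SYN marker are relied on. Note that inbound SSH connections (source port 1025, destination port 22) are logged, because the "don't log" rules match on source port 22, and that 128.100.192.15 counts as local because the /23 mask covers it.

```python
import ipaddress
import re
from collections import Counter

# The script's LOCALHOST.  strict=False because 128.100.193.0 has host bits
# set under a /23 mask; the kernel masks it the same way, to 128.100.192.0/23.
LOCALNET = ipaddress.ip_network("128.100.193.0/255.255.254.0", strict=False)

# The "don't log" rules: (protocol, SOURCE port) pairs accepted without -o.
UNLOGGED = {("TCP", 113), ("TCP", 139), ("TCP", 22), ("TCP", 9999),
            ("UDP", 520), ("UDP", 138), ("UDP", 137), ("UDP", 68), ("UDP", 67)}


def input_chain_verdict(proto, sport, dst):
    """Emulate the script's input chain for one packet.

    Rules are tried in the order the script adds them and the first match
    wins; anything that matches nothing gets the -p deny policy.
    Returns (verdict, logged).
    """
    local = ipaddress.ip_address(dst) in LOCALNET
    if (proto, sport) in UNLOGGED and local:      # accepted, not logged
        return ("accept", False)
    if proto in ("TCP", "UDP") and local:         # the two -o rules
        return ("accept", True)
    if proto == "ICMP":                           # accepted anywhere, not logged
        return ("accept", False)
    return ("deny", False)                        # falls through to the policy


# Constructed sample of kernel messages, in the shape ipfwadm -o rules emit.
# The last line is an unrelated kernel message and must be ignored.
SAMPLE_LOG = """\
Mar  6 21:42:14 gw kernel: IP fw-in acc eth0 TCP 192.0.2.10:1025 128.100.193.7:22 L=60 S=0x00 I=20112 F=0x4000 T=64 SYN
Mar  6 21:42:15 gw kernel: IP fw-in acc eth0 TCP 192.0.2.10:1025 128.100.193.7:22 L=52 S=0x00 I=20113 F=0x4000 T=64
Mar  6 21:42:20 gw kernel: IP fw-in acc eth0 TCP 198.51.100.4:3456 128.100.192.15:25 L=60 S=0x00 I=1 F=0x0000 T=54 SYN
Mar  6 21:42:21 gw kernel: IP fw-in acc eth0 UDP 198.51.100.4:53 128.100.193.7:1029 L=71 S=0x00 I=9 F=0x0000 T=54
Mar  6 21:42:22 gw kernel: IP fw-in acc eth0 TCP 203.0.113.9:2222 128.100.200.1:23 L=60 S=0x00 I=7 F=0x0000 T=240 SYN
Mar  6 21:42:23 gw kernel: IP fw-in deny eth0 TCP 203.0.113.9:2223 128.100.193.7:111 L=60 S=0x00 I=8 F=0x0000 T=240 SYN
Mar  6 21:42:24 gw kernel: eth0: Setting promiscuous mode.
"""

LINE_RE = re.compile(
    r"IP fw-(?P<chain>in|out|fwd) (?P<verdict>\w+) (?P<iface>\S+) "
    r"(?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)(?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for one ipfwadm log line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["syn"] = "SYN" in rec.pop("rest").split()
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def logged_inbound(records):
    """Records that can only have come from the two -o rules: input chain,
    accepted, TCP or UDP, destined for the local network."""
    return [r for r in records
            if r["chain"] == "in" and r["verdict"] == "acc"
            and r["proto"] in ("TCP", "UDP")
            and ipaddress.ip_address(r["dst"]) in LOCALNET]


def new_connections_by_port(records):
    """Count TCP connection attempts (SYN) per destination port."""
    return Counter(r["dport"] for r in records if r["proto"] == "TCP" and r["syn"])


if __name__ == "__main__":
    logged = logged_inbound(parse_log(SAMPLE_LOG))
    for port, n in sorted(new_connections_by_port(logged).items()):
        print("port %5d: %d new connection(s)" % (port, n))
```

To use it on a live box, replace SAMPLE_LOG with the contents of the file your syslog.conf sends kern.* messages to; if the file contains no "IP fw-" lines at all while dmesg does, the problem is syslog, and if dmesg has none either, the kernel was built without CONFIG_IP_FIREWALL_VERBOSE.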