ipfwadm logging rules don't log!

Post by Richar » Sun, 31 Dec 1899 09:00:00


I have a set of ipfwadm rules for a machine whose purpose is to accept
everything, but log certain packets that are accepted.  I can't seem to
figure out why it isn't logging.  Does anyone have any ideas?

Here is the script that sets up the ipfwadm rules:

#!/bin/sh
# Some definitions
# (the original post omits these; the values below are assumptions:
# the path to the ipfwadm binary, "anywhere" as 0.0.0.0/0, and this
# host's own address, which must be supplied in the environment)

IPFWADM=${IPFWADM:-/sbin/ipfwadm}
ANYWHERE=0.0.0.0/0
LOCALHOST=${LOCALHOST:?set LOCALHOST to this machine's IP address}

# The rules.  Each ipfwadm chain is first-match: the first rule that
# matches a packet decides it, and the chain policy applies only when
# nothing matched, so rule order matters.

# Flush any rules left from a previous run so re-running the script
# does not append duplicates.

$IPFWADM -I -f
$IPFWADM -O -f
$IPFWADM -F -f

# Default to deny

$IPFWADM -I -p deny
$IPFWADM -O -p deny
$IPFWADM -F -p deny

# First, unlimited outputs and forwards.

$IPFWADM -O -a accept -P tcp
$IPFWADM -O -a accept -P udp
$IPFWADM -O -a accept -P icmp

$IPFWADM -F -a accept -P tcp
$IPFWADM -F -a accept -P udp
$IPFWADM -F -a accept -P icmp

# Next, all things we don't log.  "-S $ANYWHERE <port>" matches the
# SOURCE port of the arriving packet (the port the remote side sent
# from); the destination port on this host is not constrained here.

$IPFWADM -I -a accept -P tcp -S $ANYWHERE 113 -D $LOCALHOST
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 139 -D $LOCALHOST
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 22 -D $LOCALHOST
$IPFWADM -I -a accept -P tcp -S $ANYWHERE 9999 -D $LOCALHOST

$IPFWADM -I -a accept -P udp -S $ANYWHERE 520 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 138 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 137 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 68 -D $LOCALHOST
$IPFWADM -I -a accept -P udp -S $ANYWHERE 67 -D $LOCALHOST

# Now log anything else that comes in and is destined for me.
# -o turns on kernel logging for packets matching this rule; the kernel
# prints them with printk, so they reach syslog only if the kernel was
# built with firewall packet logging and klogd/syslogd is running.

$IPFWADM -I -o -a accept -P tcp -D $LOCALHOST
$IPFWADM -I -o -a accept -P udp -D $LOCALHOST

# Don't bother to log icmp since we can't differentiate by type/code

$IPFWADM -I -a accept -P icmp
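To see which packets the posted input chain would hand to the two -o rules, here is a small first-match evaluator, added as an example and not code from the original post. It transcribes the -I chain exactly as the script builds it and walks constructed sample packets through it, so you can separate "the ruleset never routes this packet to a logging rule" from "the kernel matched a logging rule but nothing reached syslog" (the latter is outside the ruleset: on a 2.0 kernel the firewall must be built with the "IP: firewall packet logging" option, CONFIG_IP_FIREWALL_VERBOSE, and klogd/syslogd must be passing kernel messages on). Assumptions: $LOCALHOST is taken to be 192.0.2.10, the other addresses are RFC 5737 documentation addresses, the sample packets are made up, and the chain policy set with -p is modelled as never logging.

```python
# Toy first-match evaluator for the ipfwadm input chain from the post.
# Added example, not the poster's code.  It models rule matching only
# (first matching rule wins, chain policy otherwise) and whether that
# rule carries -o; it does not model whether the kernel emits the line.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LOCALHOST = "192.0.2.10"   # assumed value for the post's $LOCALHOST


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "deny"
    proto: str                   # -P tcp|udp|icmp
    sport: Optional[int] = None  # port given with -S; None = any
    dst: Optional[str] = None    # address given with -D; None = any
    log: bool = False            # the -o flag


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule constrains agrees with the packet."""
    if rule.proto != pkt.proto:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dst is not None and rule.dst != pkt.dst:
        return False
    return True


def evaluate(rules: List[Rule], policy: str, pkt: Packet) -> Tuple[str, bool]:
    """Return (action, logged) from the first matching rule, else (policy, False).

    The chain policy is modelled as never logging (assumption: the post
    sets it with -p and no -o).
    """
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.log
    return policy, False


# The input (-I) chain exactly as the post builds it, in order.
INPUT_POLICY = "deny"
INPUT_RULES: List[Rule] = (
    [Rule("accept", "tcp", sport=p, dst=LOCALHOST) for p in (113, 139, 22, 9999)]
    + [Rule("accept", "udp", sport=p, dst=LOCALHOST) for p in (520, 138, 137, 68, 67)]
    + [Rule("accept", "tcp", dst=LOCALHOST, log=True),
       Rule("accept", "udp", dst=LOCALHOST, log=True),
       Rule("accept", "icmp")]
)

# Constructed sample traffic (not captured from any real host).
SAMPLES: Dict[str, Packet] = {
    "inbound ssh SYN":          Packet("tcp", "203.0.113.7", 40000, LOCALHOST, 22),
    "reply from remote ssh":    Packet("tcp", "203.0.113.7", 22, LOCALHOST, 40000),
    "ping":                     Packet("icmp", "203.0.113.7", 0, LOCALHOST, 0),
    "tcp not addressed to us":  Packet("tcp", "203.0.113.7", 40000, "192.0.2.99", 80),
}


def decisions() -> Dict[str, Tuple[str, bool]]:
    """Map each sample name to (action, logged) under the posted chain."""
    return {name: evaluate(INPUT_RULES, INPUT_POLICY, pkt)
            for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, logged) in decisions().items():
        print(f"{name:26} -> {action:6} {'logged' if logged else 'not logged'}")
```

Two things the run makes visible: because the "don't log" rules constrain the source port, a connection arriving at this host's port 22 from an ephemeral port falls through to the tcp -o rule and should be logged, while a reply coming back from a remote ssh server (source port 22) is accepted silently; and a TCP packet not addressed to $LOCALHOST matches nothing on the input chain and hits the deny policy, even though the forward chain accepts everything.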