ipfw source and syslog
ipfw source and syslog
- Subject: ipfw source and syslog
- From: Jeremy <email@hidden>
- Date: Wed, 24 Dec 2008 10:02:21 -0600
Trying to find the source for the implementation of ipfw included in OS X 10.5.
Specifically I'm trying to find out what syslog facility ipfw is supposed to log to.
The manpage for ipfirewall(4) states that it logs to LOG_SECURITY, as does the code in ip_fw2.c from the FreeBSD site (
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c). According to /usr/include/sys/syslog.h the LOG_SECURITY facility is aliased to LOG_AUTH, so messages should be available there.
However, none of the above information seems to match reality. When
net.inet.ip.fw.verbose is set to 1 then ipfw messages are sent to the
facility LOG_KERN at the debug level. When net.inet.ip.fw.verbose is
set to 2 then ipfw messages are sent to /var/appfirewall.log in a
slightly non-standard format. Example:
"Dec 15 13:55:17 hostname Firewall
73: 65534 Deny TCP x.x.x.x:51182 x.x.x.x:9 in via en0"
vs.
"Dec 15 12:25:18 hostname kernel[0]: ipfw: 65534 Deny TCP x.x.x.x:45768 x.x.x.x:1002 in via en0"
So it appears that the source on the FreeBSD site is not that which is
in use in OS X. Does anyone know where the actual in use ipfw source can
be acquired?
Thanks.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden