Re: ipfw source and syslog
Re: ipfw source and syslog
- Subject: Re: ipfw source and syslog
- From: Iceberg-Dev <email@hidden>
- Date: Wed, 24 Dec 2008 18:21:49 +0100
On Dec 24, 2008, at 5:02 PM, Jeremy wrote:
Trying to find the source for the implementation of ipfw included
in OS X 10.5.
Specifically I'm trying to find out what syslog facility ipfw is
supposed to log to.
The manpage for ipfirewall(4) states that it logs to LOG_SECURITY,
as does the code in ip_fw2.c from the FreeBSD site (http://
www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw2.c). According
to /usr/include/sys/syslog.h the LOG_SECURITY facility is aliased
to LOG_AUTH, so messages should be available there.
However, none of the above information seems to match reality. When
net.inet.ip.fw.verbose is set to 1 then ipfw messages are sent to
the facility LOG_KERN at the debug level. When
net.inet.ip.fw.verbose is set to 2 then ipfw messages are sent to /
var/appfirewall.log in a slightly non-standard format. Example:
"Dec 15 13:55:17 hostname Firewall73: 65534 Deny TCP x.x.x.x:51182
x.x.x.x:9 in via en0"
vs.
"Dec 15 12:25:18 hostname kernel[0]: ipfw: 65534 Deny TCP x.x.x.x:
45768 x.x.x.x:1002 in via en0"
So it appears that the source on the FreeBSD site is not that which
is in use in OS X. Does anyone know where the actual in use ipfw
source can be acquired?
ipfw has been integrated into the xnu kernel as far as I know.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden