Re: IPF - Logging

From: Erik Niemeyer <erik(at)3w20.de>
Date: Fri, 31 May 2013 15:10:49 +0100

On 29.05.2013, Oliver Fromme wrote:
> Something doesn't add up there. IPF isn't in GENERIC at all,
> and IPF doesn't exist as a module either, as far as
> I know. So either you are not using GENERIC,
> or you are confusing IPF with IPFW.

On 30.05.2013, Peter Ross wrote:
> If you are really using IPFILTER, then as far as I know you have to build a
> new kernel

Now I don't understand anything anymore! The (English) FreeBSD Handbook says:
"IPF is included in the basic FreeBSD install as a kernel loadable module"

I have *not* built my own kernel either, and I have enabled IPF.
/etc/rc.conf:
[...]
gateway_enable="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
[...]

If IPF doesn't exist in GENERIC at all, then these rc.conf lines
would surely have to throw errors. It is also the ipf.rules that the traffic
gets stuck on.

This is the output of ipfstat:
26 pass out quick on lo0 all
0 pass out log quick on tun0 proto tcp from any to 213.191.74.18/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 213.191.74.18/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 213.191.92.87/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 213.191.92.87/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 213.191.74.19/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 213.191.74.19/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 213.191.92.86/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 213.191.92.86/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 62.109.123.196/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 62.109.123.196/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 62.109.123.6/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 62.109.123.6/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 62.109.123.197/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 62.109.123.197/32 port = domain keep state
0 pass out log quick on tun0 proto tcp from any to 62.109.123.7/32 port = domain flags S/FSRPAU keep state
0 pass out log quick on tun0 proto udp from any to 62.109.123.7/32 port = domain keep state
9 pass out quick on tun0 proto tcp from any to any port = http flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = https flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = pop3 flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = smtp flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = time flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = nntp flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = ftp flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = ssh flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = telnet flags S/FSRPAU keep state
0 pass out quick on tun0 proto tcp from any to any port = cvsup flags S/FSRPAU keep state
0 pass out quick on tun0 proto icmp from any to any icmp-type echo keep state
0 pass out quick on tun0 proto tcp from any to any port = nicname flags S/FSRPAU keep state
390 block out log first quick on tun0 all

How could that be if I don't have IPF at all? And I really do mean
IPF, the one with its own FTP proxy.

Bye,

-- 
... and always remember: the world is a cube!
Erik Niemeyer
(Ork42(at)3w20.de)
3W20+4 - The most messed-up DSA site on the net
http://www.3w20.de
Received on Fri 31 May 2013 - 15:13:11 CEST
