Note that, even if logging is enabled in rc.conf, IPFW rules still need the "log"

keyword to create logs. Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D19513
svn path=/head/; revision=52855
2019-03-11 15:04:02 +00:00 · 2019-03-11 15:04:02 +00:00 · aa4b126086 · 2020-12-08 03:00:23 +00:00
commit aa4b126086
parent 41b8401711
1 changed files with 8 additions and 0 deletions
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
@ -1697,6 +1697,14 @@ block drop out quick on $ext_if from any to $martians</programlisting>

      <screen>&prompt.root; <userinput>sysrc firewall_logging="YES"</userinput></screen>

+      <warning>
+	<para>Only firewall rules with the <option>log</option> option will
+	  be logged.  The default rules do not include this option and it
+	  must be manually added.  Therefor it is advisable that the default
+	  ruleset is edited for logging.  In addition, log rotation may be
+	  desired if the logs are stored in a separate file.</para>
+      </warning>
+
      <para>There is no <filename>/etc/rc.conf</filename> variable to
 	set logging limits.  To limit the number of times a rule is
 	logged per connection attempt, specify the number using this