This is a discussion on Re: log vs keep state within the IPFilter forums, part of the System Security and Security Related category.
On Sun, May 14, 2006 at 09:39:28PM +1000, Darren Reed wrote:
> I believe this does what you want:
> pass in log on foo0 proto tcp all flags S keep state

That does what I want, thank you!

I notice that ipfstat reports a high number in "log failures:". If I read NetBSD 3.0 correctly, ipl keeps up to 8 packets logged at once, and ipmon just isn't keeping up.

I was hoping to use this for multiple things, most importantly a log of every NAT'ed TCP connection and UDP packet. It would also be nice to use it for accounting (ie: How many bytes did such-and-such machine transfer, and at what times, and to which other machines?) So I want to keep holes to an absolute minimum.

Can you offer advice? I am not sure whether to increase the size of the log buffer, to use tcpdump instead, or to do something else altogether.

Thank you for your time,
Ben