You may have to explicitly add local0.* (which is what ipmon uses by default) to your syslog.conf
on my FreeBSD 4.8 firewall, I've got these: local0.* /var/log/firewall.log local1.* /var/log/smtp.log and this in my ipf rules: log level local1.info in on ep0 proto tcp from any to any port = 25 flags S/AUPRFS Hope that helps. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sebastian Anzaldi Sent: January 27, 2006 3:34 PM To: [email protected] Subject: Rv: RE: Problem running ipmon under FreeBSD/Sparc64 I really apreciate your help. Regards. This is my syslog.conf *.err;kern.warning;auth.notice;mail.crit /dev/console *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog lpr.info /var/log/lpd-errs ftp.info /var/log/xferlog cron.* /var/log/cron *.=debug /var/log/debug.log *.emerg * !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log This is my rules set: block in quick all with short block in quick all with frag block in quick on hme0 proto tcp all flags FUP block in quick on hme0 from 192.168.0.0/16 to any block in quick on hme0 from 172.16.0.0/12 to any block in quick on hme0 from 127.0.0.0/8 to any block in quick on hme0 from 10.0.0.0/8 to any block in quick on hme0 from 0.0.0.0/8 to any block in quick on hme0 from 169.254.0.0/16 to any block in quick on hme0 from 192.0.2.0/24 to any block in quick on hme0 from 204.152.64.0/23 to any block in quick on hme0 from 224.0.0.0/3 to any block in quick on hme0 from any to 10.0.0.0/32 block in quick on hme0 from any to 10.0.255.255/32 block in quick on hme0 from any to 192.168.0.0/32 block in quick on hme0 from any to 192.168.255.255/32 pass in quick on hme0 proto tcp from any to 200.26.56.112 port = 80 flags S keep state pass in quick on hme0 proto tcp from any to 200.26.56.112 port = 443 flags S keep state block in quick on hme0 all block out quick on hme0 all pass in quick on hme1 proto tcp/udp from 10.7.1.16 to 10.1.0.0/16 keep state block in quick on hme1 all pass out quick on hme1 proto icmp from 10.7.1.1 to 10.7.1.0/24 icmp-type 8 keep state block out quick on hme1 all pass in log quick on hme2 proto tcp from 10.86.0.0/16 to 10.7.1.16 port = 3389 flags S keep state pass in log quick on hme2 proto tcp from 10.86.0.0/16 to 10.1.15.6 port = 22 flags S keep state pass in log quick on hme2 proto icmp from 10.86.0.0/16 to 10.1.15.6 icmp-type 8 keep state block in quick on hme2 all pass out log quick on hme2 proto icmp from 10.1.15.6 to any icmp-type 8 keep state pass out log quick on hme2 proto udp from 10.1.15.6 to 10.1.10.1 port = 53 keep state pass out log quick on hme2 proto udp from 10.1.15.6 to 10.1.10.5 port = 53 keep state block in quick all block out quick all ___________________________________________________________ 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo http://correo.yahoo.com.ar
