From hohmuth@olymp.sax.de Sun Sep 19 06:37:15 1999
Return-Path: <hohmuth@olymp.sax.de>
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
	by hub.freebsd.org (Postfix) with ESMTP id BC93415040
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 19 Sep 1999 06:37:06 -0700 (PDT)
	(envelope-from hohmuth@olymp.sax.de)
Received: (from uucp@localhost)
	by sax.sax.de (8.8.8/8.8.8) with UUCP id PAA11067
	for FreeBSD-gnats-submit@freebsd.org; Sun, 19 Sep 1999 15:37:05 +0200 (CEST)
	(envelope-from hohmuth@olymp.sax.de)
Received: (from hohmuth@localhost)
	by olymp.sax.de (8.9.3/8.9.3) id PAA01468;
	Sun, 19 Sep 1999 15:35:16 +0200 (CEST)
	(envelope-from hohmuth)
Message-Id: <199909191335.PAA01468@olymp.sax.de>
Date: Sun, 19 Sep 1999 15:35:16 +0200 (CEST)
From: hohmuth@inf.tu-dresden.de
Sender: hohmuth@olymp.sax.de
Reply-To: hohmuth@inf.tu-dresden.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: `ipfw' doesn't grok "log" keyword
X-Send-Pr-Version: 3.2

>Number:         13818
>Category:       bin
>Synopsis:       `ipfw' doesn't grok "log" keyword
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 19 06:40:00 PDT 1999
>Closed-Date:    Thu Jan 6 02:40:56 PST 2000
>Last-Modified:  Thu Jan  6 02:46:42 PST 2000
>Originator:     Michael Hohmuth
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
none
>Environment:

FreeBSD olymp.sax.de 3.3-STABLE FreeBSD 3.3-STABLE #0: Sun Sep 19 02:14:59 CEST 1999     root@olymp.sax.de:/usr/src/sys/compile/OLYMPISDN  i386

This is FreeBSD-stable as of Sep 18, 1999.

>Description:

Since I last cvsup'd and made world, `ipfw' doesn't grok anymore the
log keyword described in the manual.  Previously, invoking `ipfw' like 
this would have the desired effect:

    # ipfw add deny log tcp from any to any in via ppp0 setup

Now, strangly, it prints:

    ipfw: sysctlbyname("net.inet.ip.fw.verbose_limit")

Also, when a rule containing the "log" keyword is in a command file,
and `ipfw' is invoked like "ipfw commandfile", then reading the
command file aborts at the line containing the "log" keyword, and all
lines after that line are ignored.

>How-To-Repeat:

# ipfw add deny log tcp from any to any

>Fix:
	
Workaround: Leave out the "log" keyword.

>Release-Note:
>Audit-Trail:

From: Doug <Doug@gorean.org>
To: hohmuth@inf.tu-dresden.de
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/13818: `ipfw' doesn't grok "log" keyword
Date: Tue, 21 Sep 1999 15:55:14 -0700 (PDT)

 On Sun, 19 Sep 1999 hohmuth@inf.tu-dresden.de wrote:
 
 > Since I last cvsup'd and made world, `ipfw' doesn't grok anymore the
 > log keyword described in the manual.  Previously, invoking `ipfw' like 
 > this would have the desired effect:
 > 
 >     # ipfw add deny log tcp from any to any in via ppp0 setup
 > 
 > Now, strangly, it prints:
 > 
 >     ipfw: sysctlbyname("net.inet.ip.fw.verbose_limit")
 
 	Since my -Stable is newer than yours and working as advertised I
 suspect that when you rebuilt your kernel you modified or left out the
 VERBOSE_LIMIT option. Try this command:
 
 sysctl net.inet.ip.fw.verbose_limit
 
 and you should get a number. I suspect you will get nothing or zero. If
 so, as a temporary measure you can (as root) do:
 
 sysctl -w net.inet.ip.fw.verbose_limit=2000
 
 You may also choose another value instead of 2000. Then if all works as it
 should try rebuilding your kernel with the appropriate firewall options
 from the LINT file.
 
 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Thu Jan 6 02:40:56 PST 2000 
State-Changed-Why:  
Pilot error. 
>Unformatted:
