From rfg@monkeys.com Fri Oct 29 09:53:59 1999
Return-Path: <rfg@monkeys.com>
Received: from monkeys.com (i180.value.net [206.14.136.180])
	by hub.freebsd.org (Postfix) with ESMTP id 0779314DB0
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 29 Oct 1999 09:53:51 -0700 (PDT)
	(envelope-from rfg@monkeys.com)
Received: (from rfg@localhost)
	by monkeys.com (8.9.3/8.9.3) id JAA01089;
	Fri, 29 Oct 1999 09:53:49 -0700 (PDT)
Message-Id: <199910291653.JAA01089@monkeys.com>
Date: Fri, 29 Oct 1999 09:53:49 -0700 (PDT)
From: "Ronald F. Guilmette" <rfg@monkeys.com>
Reply-To: rfg@monkeys.com (Ronald F. Guilmette)
To: FreeBSD-gnats-submit@freebsd.org
Subject: The ipfw `log' suboption is not documented
X-Send-Pr-Version: 3.2

>Number:         14595
>Category:       docs
>Synopsis:       The ipfw `log' suboption is not documented
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    nbm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 29 10:00:01 PDT 1999
>Closed-Date:    Wed Jan 19 02:05:05 PST 2000
>Last-Modified:  Wed Jan 19 02:10:04 PST 2000
>Originator:     Ronald F. Guilmette
>Release:        FreeBSD 3.3-RELEASE i386
>Organization:
E-Scrub Technologies, Inc.
>Environment:

>Description:

	Looking over the default /etc/rc.firewall script, I see that there
	is a "log" sub-option available for the "deny" option, but this
	sub-option doesn't seem to be documented well (or at all) in ipfw(8).

	The logging feature is obviously quite useful.  I just wish that I
	knew where the log records would be written so that I could go and
	have a look at them.

>How-To-Repeat:

	man 8 ipfw

>Fix:

	Use the source Luke!

>Release-Note:
>Audit-Trail:

From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: docs/14595: The ipfw `log' suboption is not documented
Date: Wed, 15 Dec 1999 11:02:33 +0200

 Hi,
 
 Looking at the man page, the 'log' option is definitely documented:
 
      ipfw [-q] add [number] [prob match_probability] action [log
      [logamount number]] proto from src to dst [via name | ipno]
      [options]
 
 and:
 
      If the kernel was compiled with IPFIREWALL_VERBOSE, then when
      a packet matches a rule with the log keyword a message will
      be printed on the console.  If the kernel was compiled with the
      IPFIREWALL_VERBOSE_LIMIT op- tion, then by default logging will
      cease after the number of packets specified by the option are
      received for that particular chain entry.
 
 Should I close this PR?
 
 Neil
 -- 
 Neil Blakey-Milner
 nbm@rucus.ru.ac.za
 
State-Changed-From-To: open->feedback 
State-Changed-By: nbm 
State-Changed-When: Wed Dec 15 01:23:55 PST 1999 
State-Changed-Why:  
The option does seem to be documented, awaiting confirmation from 
originator. 


Responsible-Changed-From-To: freebsd-doc->nbm 
Responsible-Changed-By: nbm 
Responsible-Changed-When: Wed Dec 15 01:23:55 PST 1999 
Responsible-Changed-Why:  
I'll wait on this. 
State-Changed-From-To: feedback->closed 
State-Changed-By: ru 
State-Changed-When: Wed Jan 19 02:05:05 PST 2000 
State-Changed-Why:  
The `log' option is well documented in the ipfw(8) manpage. 
The logging is done to the system console by default, but 
could be redirected to some file (see syslog.conf(5) manpage). 
>Unformatted:
