From nobody@FreeBSD.org  Mon Feb  9 10:45:59 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DB4D816A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  9 Feb 2004 10:45:59 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA2DA43D31
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  9 Feb 2004 10:45:59 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i19Ijv72041996
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 9 Feb 2004 10:45:57 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i19IjvEU041995;
	Mon, 9 Feb 2004 10:45:57 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200402091845.i19IjvEU041995@www.freebsd.org>
Date: Mon, 9 Feb 2004 10:45:57 -0800 (PST)
From: joe <barbish3@adelphia.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: no logging on ipfw loadable module
X-Send-Pr-Version: www-2.0

>Number:         62598
>Category:       kern
>Synopsis:       no logging on ipfw loadable module
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 09 10:50:21 PST 2004
>Closed-Date:    Fri Jun 11 13:47:33 GMT 2004
>Last-Modified:  Fri Jun 11 13:47:33 GMT 2004
>Originator:     joe
>Release:        4.9
>Organization:
>Environment:
>Description:
   By original design, it's not suppose to be an mandatory requirement that you enable IPFW by compiling it's options into your customized FBSD kernel. IPFW is included in the basic FBSD install as a separate run time loadable module. For some unknown reason the loadable module was compiled with, logging disabled This means the loadable IPFW module has absolutely no logging available. This configuration is non-logical, does not reflect the needs of the majority of IPFW users, and is pretty much useless. A firewall without logging ability is just plain unheard of.     
>How-To-Repeat:
    Nothing to repeat, FBSD is delivered that way.  
>Fix:
In the next stable version release compile the ipfw loadable module with "options IPFIREWALL_VERBOSE" and "options FIREWALL_VERBOSE_LIMIT=5"


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ipfw 
Responsible-Changed-By: kris 
Responsible-Changed-When: Mon Mar 15 16:34:48 PST 2004 
Responsible-Changed-Why:  
Assign to ipfw mailing list for analysis of suggestion 

http://www.freebsd.org/cgi/query-pr.cgi?pr=62598 

From: "JJB" <Barbish3@adelphia.net>
To: <freebsd-gnats-submit@FreeBSD.org>, "JJB" <Barbish3@adelphia.net>
Cc:  
Subject: Re: kern/62598: no logging on ipfw loadable module
Date: Mon, 15 Mar 2004 21:37:09 -0500

 Shortly after this PR was submitted, it was determined that the
 problem report was based on this message ["IP packet filtering
 initialized, divert disabled, rule-based forwarding enabled, default
 to deny, logging disabled"] which is issued by the load of the ipfw
 loadable module when not compiled into the kernel.
 Upon ignoring intended meaning of said message, testing verified
 ipfw loadable module, does include logging code which only needs
 rc.conf statements to activate and enable.
 Conclusion: Message issued when ipfw loadable module is enabled
 is worded inaccurately. Message should be reworded to more clearly
 state status. Message that states that options are disabled imply
 those options where not compiled into the ipfw loadable module,
 which testing has proven to not be true.
 
 
 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Fri Jun 11 13:47:08 GMT 2004 
State-Changed-Why:  
Patches are welcome. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=62598 
>Unformatted:
