The FreeBSD Diary

Providing practical examples since 1998

using sysctl to monitor connections * 24 January 1999
This entry talks about sysctl and how it can be used to monitor attempts to connect to your firewall.  For full details on sysctl, see man sysctl.
Alarms
This topic came up when I mentioned in #freebsd on undernet that I wished I had some sort of alarm or message sent to me when someone starts trying to probe my firewall.  That's when I was told about:

net.inet.[tcp,udp].log_in_vain=1

As with many things on IRC, I wasn't able to find out much more about it.  But by searching the mailing list archives, I found a few references.  I was having trouble sorting them out, but a reader sent in a reference which showed me what to do.

The solution is in the FreeBSD Security How-To, which is part of the FreeBSD website.  Look for "log in vain".  There it will mention that you need to do the following:

# sysctl -w net.inet.tcp.log_in_vain=1
# sysctl -w net.inet.udp.log_in_vain=1

You really should read that resource as it contains vital information regarding this feature.  Please don't just go and run the above commands without first reading what they will do.
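Once log_in_vain is on, the kernel writes one line to syslog (normally /var/log/messages) for every TCP SYN or UDP datagram that arrives on a port nothing is listening on, so the "alarm" is really a matter of reading those lines. The script below is an added example, not part of the original article or of FreeBSD itself: it embeds a constructed sample in the shape the kernel's log_in_vain messages take ("Connection attempt to TCP a.b.c.d:port from w.x.y.z:port", with a trailing "flags:" field on newer kernels; the exact wording is an assumption, check your own log) and summarizes who is knocking, on which ports, and which sources have touched enough distinct ports to look like a scan rather than a stray packet.

```shell
#!/bin/sh
# Summarize log_in_vain messages from syslog.  Added example; the log
# lines below are constructed to match the kernel's message format and
# are not taken from any real host.

SAMPLE_LOG='Jan 24 10:01:02 fw kernel: Connection attempt to TCP 203.0.113.5:23 from 198.51.100.7:40112 flags:0x02
Jan 24 10:01:03 fw kernel: Connection attempt to TCP 203.0.113.5:22 from 198.51.100.7:40113 flags:0x02
Jan 24 10:01:05 fw kernel: Connection attempt to UDP 203.0.113.5:161 from 192.0.2.44:5000
Jan 24 10:01:09 fw kernel: Connection attempt to TCP 203.0.113.5:80 from 198.51.100.7:40114 flags:0x02
Jan 24 10:02:00 fw sshd[123]: Accepted publickey for alice from 192.0.2.10 port 5222'

# Each function reads log lines on stdin.  Lines that are not log_in_vain
# messages (the sshd line above) are ignored.

# Attempts per source address, busiest first: prints "count address".
attempts_by_source() {
    awk '/Connection attempt to (TCP|UDP) / {
            sub(/.*Connection attempt to /, "")   # now: PROTO dst:port from src:port [flags:..]
            split($4, src, ":")
            n[src[1]]++
        }
        END { for (a in n) print n[a], a }' | sort -rn
}

# Attempts per targeted protocol/port, busiest first: prints "count PROTO port".
attempts_by_port() {
    awk '/Connection attempt to (TCP|UDP) / {
            sub(/.*Connection attempt to /, "")
            split($2, dst, ":")
            n[$1 " " dst[2]]++
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

# Sources that hit more than THRESHOLD distinct ports (default 2).  A single
# stray packet will not pass this test; a port sweep will.
scanning_sources() {
    threshold="${1:-2}"
    awk -v t="$threshold" '/Connection attempt to (TCP|UDP) / {
            sub(/.*Connection attempt to /, "")
            split($2, dst, ":"); split($4, src, ":")
            seen[src[1], $1 ":" dst[2]] = 1          # one entry per (source, proto:port)
        }
        END {
            for (k in seen) { split(k, p, SUBSEP); ports[p[1]]++ }
            for (a in ports) if (ports[a] > t) print a
        }' | sort
}

# Stand-alone run over the constructed sample.
echo "== attempts by source";  printf '%s\n' "$SAMPLE_LOG" | attempts_by_source
echo "== attempts by port";    printf '%s\n' "$SAMPLE_LOG" | attempts_by_port
echo "== likely scanners";     printf '%s\n' "$SAMPLE_LOG" | scanning_sources 2
```

On a real box you would feed the functions from the log instead of the sample, for example `grep 'Connection attempt' /var/log/messages | attempts_by_source`. The threshold in scanning_sources is deliberately crude; the point is that a firewall that drops packets silently gives you nothing to count, whereas log_in_vain on the host behind it shows you exactly which ports something is reaching for.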

This is a good feature, but I'm not sure how much it will help me given that I'm running a firewall as well.  The firewall should block everything I don't want coming in.  We'll see how things go.
