The FreeBSD Diary



using sysctl to monitor connections - 24 January 1999
This entry talks about sysctl and how it can be used to monitor attempts to connect to your firewall.  For full details on sysctl, see man sysctl.
Alarms
This topic came up when I mentioned in #freebsd on undernet that I wished I had some sort of alarm or message sent to me when someone starts trying to probe my firewall.  That's when I was told about:

net.inet.[tcp,ppp].log_in_vain=1

As with many things on IRC, I wasn't able to find out much more about it.  But by searching the mailing list archives, I found a few references.  I was having trouble sorting them out, but a reader sent in a reference which showed me what to do.

The solution is in the FreeBSD Security How-To, which is part of the FreeBSD website.  Look for "log in vain".  It mentions that you need to do the following:

# sysctl -w net.inet.tcp.log_in_vain=1
# sysctl -w net.inet.udp.log_in_vain=1

You really should read that resource as it contains vital information regarding this feature.  Please don't just go and run the above commands without first reading what it will do.

This is a good feature, but I'm not sure how much it will help me given that I'm running a firewall as well.  The firewall should block everything I don't want coming in.  We'll see how things go.
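Once the two sysctls are on, the kernel logs each refused connection attempt through syslog, which is the raw material for the kind of alarm mentioned at the start of this entry.  The script below is an added example, not part of the original diary entry or of FreeBSD itself: it summarises those messages with plain sh and awk, counting hits per port and flagging sources that touch several different ports.  The "Connection attempt to TCP/UDP ... from ..." line format is assumed from what the FreeBSD kernel prints; the log lines embedded in the script are constructed sample data, not a real log.

```shell
#!/bin/sh
# Added example (not from the original page): summarise log_in_vain messages
# with standard sh/awk tools. The message format is assumed from what the
# FreeBSD kernel emits with net.inet.{tcp,udp}.log_in_vain=1; the lines below
# are constructed sample data, not a captured log.

SAMPLE_LOG='Jan 24 10:01:02 fw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4242 flags:0x02
Jan 24 10:01:03 fw /kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:4243 flags:0x02
Jan 24 10:01:05 fw /kernel: Connection attempt to UDP 192.0.2.10:53 from 203.0.113.9:1025
Jan 24 10:02:00 fw /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:4244 flags:0x02
Jan 24 10:02:30 fw sshd[123]: Accepted publickey for dan from 192.0.2.50 port 50000'

# Print "PROTO SRC DSTPORT" for each log_in_vain line on stdin; other lines are ignored.
in_vain_fields() {
    awk '/Connection attempt to/ {
        for (i = 1; i <= NF; i++) if ($i == "to") break
        proto = $(i + 1)
        split($(i + 2), dst, ":")      # "192.0.2.10:23"     -> dst[2] is the local port
        split($(i + 4), src, ":")      # "198.51.100.7:4242" -> src[1] is the remote address
        print proto, src[1], dst[2]
    }'
}

# Count attempts per protocol and local port, most-hit first, e.g. "TCP 23 2".
per_port() {
    in_vain_fields |
    awk '{ n[$1 " " $3]++ } END { for (k in n) print k, n[k] }' |
    sort -k3,3nr -k1,1 -k2,2n
}

# List remote addresses that touched at least $1 distinct proto/port pairs,
# e.g. "198.51.100.7 2". Repeated hits on the same port count once.
noisy_sources() {
    in_vain_fields |
    awk -v min="$1" '
        !seen[$2, $1 ":" $3]++ { ports[$2]++ }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }' |
    sort -k2,2nr -k1,1
}

# Demo on the constructed sample. On a real host you would feed the syslog
# file instead, e.g.:  noisy_sources 5 < /var/log/messages
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | per_port
    printf '%s\n' "$SAMPLE_LOG" | noisy_sources 2
fi
```

Run it with `--demo` to see the two summaries on the sample; against a live system, pipe `/var/log/messages` into `per_port` or `noisy_sources N` from cron and mail the output to get the alarm described above.  The two `sysctl -w` commands from the How-To only last until reboot; the corresponding `net.inet.tcp.log_in_vain=1` and `net.inet.udp.log_in_vain=1` lines in /etc/sysctl.conf make them persistent.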
