The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
using sysctl to monitor connections * 24 January 1999
Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles
This entry talks about sysctl and how it can be used to monitor attempts to connect to your firewall.  For full details on sysctl, see man sysctl.
Alarms
This topic came up when I mentioned in #freebsd on undernet that I wished I had sort of an alarm or message sent to me someone starts try to probe my firewall.  That's when I was told about:

net.inet.[tcp,ppp].log_in_vain=1

As with many things on IRC, I wasn't able to find out much more about it.  But by searching the mailing list archives, I found a few references.  I was having trouble sorting them out, but a reader sent in a reference which showed me what to do.

The solution is at FreeBSD Security How-To which is part of the FreeBSD website.   Look for "log in vain".  There it will mention that you need to do the following:

# sysctl -w net.inet.tcp.log_in_vain=1
# sysctl -w net.inet.udp.log_in_vain=1

You really should read that resource as it contains vital information regarding this feature.  Please don't just go and run the above commands without first reading what it will do.

This is a good feature, but I'm not sure how much it will help me given that I'm running a firewall as well.  The firewall should block everything I don't want coming in.  We'll see how things go.

Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles
Servers and bandwidth provided by New York Internet and SuperNews Valid HTML, CSS , and RSS.
Copyright © 1997-2012 DVL Software Ltd.
All rights reserved.