Add firewall_logging knob to enable/disablle events logging, disabled

by default. Needed mainly for ipfw kernel module to enable logging disabled there.
svn path=/head/; revision=60103
2000-05-06 17:18:19 +00:00 · 2000-05-06 17:18:19 +00:00 · be08c4bfc8 · 2020-12-20 02:59:44 +00:00
commit be08c4bfc8
parent 3e48370f70
8 changed files with 71 additions and 0 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -46,6 +46,7 @@ firewall_enable="NO"		# Set to YES to enable firewall functionality
 firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
 firewall_type="UNKNOWN"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="NO"		# Set to YES to suppress rule display
+firewall_logging="NO"           # Set to YES to enable events logging
 firewall_flags=""		# Flags passed to ipfw when type is a file
 natd_program="/sbin/natd"	# path to natd, if you want a different one.
 natd_enable="NO"                # Enable natd (if firewall_enable == YES).
--- a/etc/network.subr
+++ b/etc/network.subr
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;
--- a/etc/rc.network
+++ b/etc/rc.network
@ -223,6 +223,16 @@ network_pass1() {
 				echo "but firewall rules are not enabled."
 				echo "		 All ip services are disabled."
 			fi
+
+			case ${firewall_logging} in
+			[Yy][Ee][Ss] | '')
+				echo 'Firewall logging=YES'
+				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
+				;;
+			*)
+				;;
+			esac
+
 			;;
 		esac
 		;;