ipfw_netflow: add +ipfw_netflow_enable="NO" to defaults/rc.conf and document

usage in rc.conf(5) Reported by: markj Sponsored by: Gandi.net
2017-07-17 08:53:51 +00:00 · 2017-07-17 08:53:51 +00:00 · fd75b64d7e
commit fd75b64d7e
parent 01285747aa
2 changed files with 34 additions and 0 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -168,6 +168,7 @@ firewall_nat_enable="NO"	# Enable kernel NAT (if firewall_enable == YES)
 firewall_nat_interface=""	# Public interface or IPaddress to use
 firewall_nat_flags=""		# Additional configuration parameters
 dummynet_enable="NO"		# Load the dummynet(4) module
+ipfw_netflow_enable="NO"	# Enable netflow logging via ng_netflow
 ip_portrange_first="NO"		# Set first dynamically allocated port
 ip_portrange_last="NO"		# Set last dynamically allocated port
 ike_enable="NO"			# Enable IKE daemon (usually racoon or isakmpd)
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@ -591,6 +591,39 @@ module if
 is also set to
 .Dq Li YES .
 .\" -------------------------------------------------------------------
+.It Va ipfw_netflow_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will enable netflow logging via
+.Xr ng_netflow 4
+.Pp
+By default a ipfw rule is inserted and all packets are duplicated with
+the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
+port using protocol version 5.
+.It Va ipfw_netflow_hook
+.Pq Vt str
+netflow hook name, must be numerical
+(default
+.Pa 9995 ) .
+.It Va ipfw_netflow_rule
+.Pq Vt str
+ipfw rule number
+(default
+.Pa 1000 ) .
+.It Va ipfw_netflow_ip
+.Pq Vt str
+Destination server ip for receiving netflow data
+(default
+.Pa 127.0.0.1 ) .
+.It Va ipfw_netflow_port
+.Pq Vt str
+Destination server port for receiving netflow data
+(default
+.Pa 9995 ) .
+.It Va ipfw_netflow_version
+.Pq Vt str
+Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
 .It Va natd_program
 .Pq Vt str
 Path to