On 5/3/05, Gary <gary at kryptic dash x dot com> wrote:
> Hey all,
> I finally got all the logging to work with my FreeBSD 4.11 box using
> syslogd. Now I was looking thru the firewall logs and noticed that the rules
> are logged correctly but was hoping to see a few things. For one: I was
> wondering if there was a way to make the rules show if the packet was
> allowed or denied
That's there. See the section of this page:
under "Messages generated by ipmon consist of whitespace separated fields.
Fields common to all messages are:"
> and Two: I wanted to know if there was any way to make the
> firewall more intelligent. For instance, I did a port scan of my first 1100
> ports and m0n0wall just logged all the traffic. Is there any way for it to
> see this port sweep and block that IP sort of like portsentry?
Not at this point, though Manuel has it on the wish list. I don't see
it of much worth. Anybody that all out port scans you is nothing more
than a script kiddie (way too noisy for a real attacker), and any
serious attacker is going to do reconnaissance from a different system
than he attacks from, so that wouldn't buy you much of anything.
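
Added example, not part of the original message and not m0n0wall code: a log-side check that reads the ipmon action field (p = passed, b = blocked, per ipmon(8)) and reports sources whose blocked packets touched many distinct ports. The sample lines are constructed with documentation addresses, and the threshold of 5 is an arbitrary assumption.

```python
import re
from collections import defaultdict

# Action codes as documented in ipmon(8).
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}

# Fields: interface, @group:rule, action, src[,port] -> dst[,port], PR proto
LINE_RE = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>[pbSnL]) "
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\S+))? -> "
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>\S+))? PR (?P<proto>\S+)")

# Constructed sample input: one passed packet, one stray blocked packet,
# and one source blocked on eight consecutive ports.
SAMPLE = [
    "May  3 10:00:01 fw ipmon[84]: 10:00:00.101234 fxp1 @0:9 p "
    "198.51.100.7,40000 -> 192.0.2.1,80 PR tcp len 20 60 -S IN",
    "May  3 10:00:02 fw ipmon[84]: 10:00:01.220011 fxp1 @0:12 b "
    "198.51.100.9,40100 -> 192.0.2.1,23 PR tcp len 20 60 -S IN",
] + [
    f"May  3 10:00:05 fw ipmon[84]: 10:00:04.{i:06d} fxp1 @0:12 b "
    f"203.0.113.5,51000 -> 192.0.2.1,{port} PR tcp len 20 60 -S IN"
    for i, port in enumerate(range(20, 28))
]

def parse(line):
    """Return the ipmon fields of one syslog line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["verdict"] = ACTIONS[rec["action"]]
    return rec

def sweep_sources(lines, threshold=5):
    """Map each source to its count of distinct blocked (dst, port) pairs,
    keeping only sources at or above the threshold."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse(line)
        # ICMP and similar entries carry no port, so they are skipped here.
        if rec and rec["action"] == "b" and rec["dport"]:
            seen[rec["src"]].add((rec["dst"], rec["dport"]))
    return {src: len(p) for src, p in seen.items() if len(p) >= threshold}

if __name__ == "__main__":
    for line in SAMPLE[:2]:
        rec = parse(line)
        print(rec["src"], "->", rec["dst"], rec["dport"], rec["verdict"])
    print("possible sweeps:", sweep_sources(SAMPLE))
```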