 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall
 Date:  Tue, 3 May 2005 17:26:05 -0400
On 5/3/05, Gary <gary at kryptic dash x dot com> wrote:
> Hey all,
> 
> I finally got all the logging to work with my FreeBSD 4.11 box using
> syslogd. Now I was looking thru the firewall logs and noticed that the rules
> are logged correctly but was hoping to see a few things.  For one: I was
> wondering if there was a way to make the rules show if the packet was
> allowed or denied
> 

That's there.  See the section of this page:
http://www.daemon-systems.org/man/ipmon.8.html
under "Messages generated by ipmon consist of whitespace separated fields.
Fields common to all messages are:"


> and Two: I wanted to know if there was any way to make the
> firewall more intelligent. For instance, I did a port scan of my first 1100
> ports and m0n0wall just logged all the traffic.  Is there any way for it to
> see this port sweep and block that IP sort of like portsentry?
> 

Not at this point, though Manuel has it on the wish list.  I don't see
it of much worth.  Anybody that all out port scans you is nothing more
than a script kiddie (way too noisy for a real attacker), and any
serious attacker is going to do reconnaissance from a different system
than he attacks from, so that wouldn't buy you much of anything.

-Chris
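
Added example, not part of the original message or of m0n0wall: a small Python parser for the common ipmon fields described on the man page linked above, which reads the action field (p = passed, b = blocked) and counts distinct blocked destination ports per source as a log-side view of a port sweep. The sample lines, the host name "fw", the threshold of 5 ports and the optional "2x" repeat-count prefix are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Common fields per ipmon(8): time, interface, @group:rule, action,
# source[,port] -> destination[,port], PR protocol.
# The optional "<n>x" repeat count before the interface is an assumption.
LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?:\d+x\s+)?(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[pbSnL])\s+"
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\S+))?\s+->\s+"
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>\S+))?\s+PR\s+(?P<proto>\S+)"
)
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}

def parse_line(line):
    """Return the common ipmon fields as a dict, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["verdict"] = ACTIONS[fields["action"]]
    return fields

def find_sweeps(lines, min_ports=5):
    """Map each source to its count of distinct blocked (dst, port) pairs,
    keeping only sources at or above min_ports (an assumed threshold)."""
    seen = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        if f and f["action"] == "b" and f["dport"] is not None:
            seen[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in seen.items() if len(t) >= min_ports}

# Constructed sample lines (documentation address ranges, made-up host "fw").
SAMPLE = [
    f"May  3 17:20:0{i} fw ipmon[84]: 17:20:0{i}.101 sis1 @0:12 b "
    f"203.0.113.9,40000 -> 192.0.2.10,{port} PR tcp len 20 48 -S IN"
    for i, port in enumerate([21, 22, 23, 25, 80, 110])
] + [
    "May  3 17:21:00 fw ipmon[84]: 17:21:00.500 sis1 @0:3 p "
    "198.51.100.7,51000 -> 192.0.2.10,80 PR tcp len 20 48 -S IN",
    "May  3 17:21:05 fw ipmon[84]: 17:21:05.250 2x sis1 @0:12 b "
    "198.51.100.7,51001 -> 192.0.2.10,445 PR tcp len 20 48 -S IN",
]

if __name__ == "__main__":
    for line in SAMPLE:
        f = parse_line(line)
        print(f["src"], "->", f["dst"], f["dport"], f["verdict"])
    print("possible sweeps:", find_sweeps(SAMPLE))
```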