"ipfw log" messages from jail show in host syslog


"ipfw log" messages from jail show in host syslog

BulkMailForRudy
I've switched to VNET (love it) in jails.  Neat, you can have ipfw running
in your jail!

I added some log lines to test it out and was a bit confused when
/var/log/security wasn't showing the log lines.  Turns out, the kernel is
grabbing them and logging in the host and not the chrooted environment.

Bug?  Feature?  :)

Rudy

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"

Re: "ipfw log" messages from jail show in host syslog

Kristof Provost
On 2019-02-11 22:37:07 (-0800), Rudy (bulk address) <[hidden email]> wrote:
> I've switched to VNET (love it) in jails.  Neat, you can have ipfw running
> in your jail!
>
> I added some log lines to test it out and was a bit confused when
> /var/log/security wasn't showing the log lines.  Turns out, the kernel is
> grabbing them and logging in the host and not the chrooted environment.
>
> Bug?  Feature?  :)
>
"Known limitation", I think[*].

From a quick look at the ipfw log code it appears to simply write the
logging information to the kernel log, which is not a per-jail thing.

I don't expect this to be easy to change either.

Regards,
Kristof

[*] Not an ipfw maintainer. Warranty void where prohibited. Do not feed
after midnight.

Re: "ipfw log" messages from jail show in host syslog

Ernie Luzar
In reply to this post by BulkMailForRudy
Rudy (bulk address) wrote:

> I've switched to VNET (love it) in jails.  Neat, you can have ipfw running
> in your jail!
>
> I added some log lines to test it out and was a bit confused when
> /var/log/security wasn't showing the log lines.  Turns out, the kernel is
> grabbing them and logging in the host and not the chrooted environment.
>
> Bug?  Feature?  :)
>
> Rudy
>

This is a known bug problem. There is a PR about this filed a few years ago.

Now here is the good news. There is a simple solution. IPFW has the
option to use an un-documented log file named ipfw0. When this log file
is used in a vnet jail, IPFW does log to it at /var/log/security in the
vnet jail.

Add this to the rc.conf file of the vnet jail and restart the vnet jail
to activate.

firewall_logging="NO"
firewall_logif="YES"
nohup tcpdump -lnti ipfw0 | logger -t jailname -p security.info &


I am having network problems configuring my vnet jail on 12.0, using
bridge/epair with ipfw/nated. I sure would appreciate your help in
figuring out what is incorrect with my setup. If you're agreeable, contact
me off list.

Thanks


Re: "ipfw log" messages from jail show in host syslog

Kurt Jaeger-6
Hi!

> Rudy (bulk address) wrote:
> > I've switched to VNET (love it) in jails.  Neat, you can have ipfw running
> > in your jail!
> >
> > I added some log lines to test it out and was a bit confused when
> > /var/log/security wasn't showing the log lines.  Turns out, the kernel is
> > grabbing them and logging in the host and not the chrooted environment.

> This is a known bug problem. There is a PR about this filed a few years ago.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178482

--
[hidden email]            +49 171 3101372                    One year to go !