Subject: Re: ip filter and logging
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 04/13/2000 23:41:25
In some email I received from Andrew Brown, sie wrote:
> >> >since it seems (to me, at least) that "quick" and "log" don't work
> >> >with "count" lines. am i wrong? if so, what am i doing wrong? i'm
> >> >not trying to block any traffic at this time, just characterize it.
> >> to clarify: it seems to me that "count log" doesn't log anything (but
> >> it does count it) and that "count quick" doesn't actually terminate
> >> ruleset processing (a subsequent "pass" will also see it) but it does
> >> prevent it from being counted again.
> >RTFM? "count" is a separate action from 'block' and 'log', and "count"
> >isn't one of the "options" that can be used with any action.
> i did rtfm. several times, in fact. and they are f. :)
> i understand that "count" is separate from "block" and "pass" (and
> "log"). "count" is not an option, but an action, whereas "log" has
> the distinction of being an action *and* an option. i think that if
> "count" was an option, that'd be the answer to my situation.
> fwiw - i also find that with default pass and only "log" (ie, no
> "pass", "block", or "count" lines) lines in my ipf.conf, my machine
> becomes unreachable. is perhaps the "log" action short for "block
Not quite. But if you do:
    log in blah
then it's not a "pass" so how can it be pass'd ? I do recall there being
a bug related to that which got fixed in 3.3.