diff options
| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2025-12-15 20:51:42 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2025-12-15 21:17:23 +0000 |
| commit | ddf4f9eda9c295082f17e7f26963666b72c97bb9 (patch) | |
| tree | 8cc1d84404118fba9370711f2c9031c0186273a4 /sbin | |
| parent | 94b76ea9d136723d6f05c42f450c802fb4a91600 (diff) | |
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/ipfw/ipfw.8 | 38 |
1 files changed, 9 insertions, 29 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 249bd195b4de..789512e5cc1e 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -701,28 +701,13 @@ Unless per-rule log destination is specified by .Cm logdst Ar logdst_spec option (see below), packets are logged in two ways: if the sysctl variable .Va net.inet.ip.fw.verbose -is set to 0 (default), one can use +is set to 0 (default), one can use the .Xr bpf 4 -attached to the -.Li ipfw0 -pseudo interface. -This pseudo interface can be created manually after a system -boot by using the following command: -.Bd -literal -offset indent -# ifconfig ipfw0 create -.Ed -.Pp -Or, automatically at boot time by adding the following -line to the -.Xr rc.conf 5 -file: -.Bd -literal -offset indent -firewall_logif="YES" -.Ed -.Pp +tap named +.Li ipfw0 . There is zero overhead when no .Xr bpf 4 -is attached to the pseudo interface. +listener is attached to the tap. .Pp If .Va net.inet.ip.fw.verbose @@ -3676,16 +3661,11 @@ reply to the sent ICMP message. Default value is .Ar 60 . .It Cm log -Turn on logging of all handled packets via BPF through -.Ar ipfwlog0 -interface. -.Ar ipfwlog0 -is a pseudo interface and can be created after a boot manually with -.Cm ifconfig -command. +Turn on logging of all handled packets via BPF tap named +.Ar ipfwlog0 . Note that it has different purpose than .Ar ipfw0 -interface. +tap. Translators sends to BPF an additional information with each packet. With .Cm tcpdump @@ -3744,7 +3724,7 @@ contains mapping how IPv6 addresses should be translated to IPv4 addresses. .It Cm log Turn on logging of all handled packets via BPF through .Ar ipfwlog0 -interface. +tap. .It Cm -log Turn off logging of all handled packets via BPF. .It Cm allow_private @@ -3793,7 +3773,7 @@ This IPv6 prefix should be configured on a remote NAT64 translator. .It Cm log Turn on logging of all handled packets via BPF through .Ar ipfwlog0 -interface. +tap. .It Cm -log Turn off logging of all handled packets via BPF. .It Cm allow_private |