Re: - Re: Where did I go wrong?

[mdpeters <mdpeters@lazarusalliance.com>]

I am getting syslogging messages now. I have to wait until the evening 
to test it live again.
Do the other rules look fine to you? I am used to other products like 
Checkpoint. If there is a cleaner way I would like to hear about it.
NAT hosts are in various networks internally. I might have one in the 
DMZ right off one ipfilter interface while another host sits on the LAN.
Thanks for the logging tip. The obvious right?

Phil Dibowitz wrote:
> mdpeters wrote:
>
> > I forgot to add this to my last message.
> >
> > # svcs | egrep '(pfil|ipfilter)'
> > online         Jan_08   svc:/system/rmtmpfiles:default
> > online          7:15:21 svc:/network/pfil:default
> > online          7:15:27 svc:/network/ipfilter:default
> >
> > I had to fix my syslogd.conf file. I had spaces instead of tab delimited
> > spaces applied to the /var/log/ipfilter.log line.
>
> And now that you fixed syslog and restarted it, do you get additional logs?
>
> Your problem is this:
>
>
> > > messages.1:16886:Jan  7 22:23:35 Osiris ipfilter: [ID 702911
> > > daemon.warning] pfil not plumbed on any network interfaces.
> > > messages.1:16887:Jan  7 22:23:35 Osiris ipfilter: [ID 702911
> > > daemon.warning] No network traffic will be filtered.
>
> This usually means you haven't rebooted since you installed.