using sysctl to monitor connections
This entry talks about sysctl and how it can be used to monitor attempts to
connect to your firewall. For full details on sysctl, see man
sysctl.
Alarms
This topic came up when I mentioned in #freebsd on undernet that I wished I had some
sort of an alarm or message sent to me when someone starts trying to probe my firewall.
That’s when I was told about:
net.inet.[tcp,ppp].log_in_vain=1
As with many things on IRC, I wasn’t able to find out much more about it. But by
searching the mailing list archives, I found a few references. I was having trouble
sorting them out, but a reader sent in a reference which showed me what to do.
The solution is at FreeBSD Security
How-To which is part of the FreeBSD website.
Look for "log in vain". There it will mention that you need to do
the following:
# sysctl -w net.inet.tcp.log_in_vain=1
# sysctl -w net.inet.udp.log_in_vain=1
You really should read that resource, as it contains vital information regarding this
feature. Please don’t just go and run the above commands without first reading what
they will do.
This is a good feature, but I’m not sure how much it will help me given that I’m
running a firewall as well. The firewall should block everything I don’t want coming
in. We’ll see how things go.
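Once log_in_vain is on, the kernel writes a syslog line for every packet that reaches a port with nothing listening. The following script is an added example, not part of the original entry or of FreeBSD itself; it assumes the kernel message format "Connection attempt to TCP dst:port from src:port flags:0x.." (UDP lines have no flags field), uses constructed sample log lines, and turns them into the per-source alarm the entry asks for by flagging any source that touches several different closed ports.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of FreeBSD's log_in_vain kernel
# messages (assumed format). The last line is ordinary noise that must be ignored.
SAMPLE_LOG = """\
Mar  3 10:01:02 gw kernel: Connection attempt to TCP 192.0.2.10:22 from 198.51.100.7:40211 flags:0x02
Mar  3 10:01:02 gw kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40212 flags:0x02
Mar  3 10:01:03 gw kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:40213 flags:0x02
Mar  3 10:01:03 gw kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:40214
Mar  3 10:05:44 gw kernel: Connection attempt to TCP 192.0.2.10:80 from 203.0.113.5:51000 flags:0x02
Mar  3 10:06:00 gw sshd[123]: Accepted publickey for alice from 203.0.113.9
"""

# Matches the part of the line that is the same for TCP and UDP messages.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)


def parse_in_vain(text):
    """Return (proto, source_ip, destination_port) for every log_in_vain line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits.append((m["proto"], m["src"], int(m["dport"])))
    return hits


def probing_sources(text, min_ports=3):
    """Map source IP -> sorted list of distinct (proto, port) it hit, keeping only
    sources that touched at least `min_ports` different closed ports. One host
    walking many closed ports is the probe the entry wants an alarm for; a single
    stray packet to one port is not worth paging anyone about."""
    ports = defaultdict(set)
    for proto, src, dport in parse_in_vain(text):
        ports[src].add((proto, dport))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    # Run this over /var/log/messages (or a syslog pipe) instead of SAMPLE_LOG.
    for src, touched in probing_sources(SAMPLE_LOG).items():
        print(f"ALERT: {src} probed {len(touched)} closed ports: {touched}")
```

Packets the firewall itself denies never reach the TCP/UDP input path, so they do not produce these messages; log_in_vain only sees traffic that passed the firewall and then hit a closed port, which is why it complements firewall logging rather than replacing it.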