using sysctl to monitor connections *
This entry talks about sysctl and how it can be used to monitor attempts to connect to your firewall. For full details on sysctl, see man sysctl.Alarms
This topic came up when I mentioned in #freebsd on undernet that I wished I had sort of an alarm or message sent to me someone starts try to probe my firewall. That’s when I was told about:net.inet.[tcp,ppp].log_in_vain=1
As with many things on IRC, I wasn’t able to find out much more about it. But by searching the mailing list archives, I found a few references. I was having trouble sorting them out, but a reader sent in a reference which showed me what to do.
The solution is at FreeBSD Security How-To which is part of the FreeBSD website. Look for "log in vain". There it will mention that you need to do the following:
# sysctl -w net.inet.tcp.log_in_vain=1 # sysctl -w net.inet.udp.log_in_vain=1
You really should read that resource as it contains vital information regarding this feature. Please don’t just go and run the above commands without first reading what it will do.
This is a good feature, but I’m not sure how much it will help me given that I’m running a firewall as well. The firewall should block everything I don’t want coming in. We’ll see how things go.