ipfw: don't use 'log' parameter.

I guess we were causing the kernel to syslog on every single packet on
MacOS.  Oops.

Author: apenwarr

firewall.py

@@ -243,11 +243,11 @@ def do_ipfw(port, dnsport, subnets):
         for swidth,sexclude,snet in sorted(subnets, reverse=True):
             if sexclude:
                 ipfw('add', sport, 'skipto', xsport,
-                     'log', 'tcp',
+                     'tcp',
                      'from', 'any', 'to', '%s/%s' % (snet,swidth))
             else:
                 ipfw('add', sport, 'fwd', '127.0.0.1,%d' % port,
-                     'log', 'tcp',
+                     'tcp',
                      'from', 'any', 'to', '%s/%s' % (snet,swidth),
                      'not', 'ipttl', '42', 'keep-state', 'setup')
 
@@ -289,12 +289,12 @@ def do_ipfw(port, dnsport, subnets):
         for ip in nslist:
             # relabel and then catch outgoing DNS requests
             ipfw('add', sport, 'divert', sport,
-                 'log', 'udp',
+                 'udp',
                  'from', 'any', 'to', '%s/32' % ip, '53',
                  'not', 'ipttl', '42')
         # relabel DNS responses
         ipfw('add', sport, 'divert', sport,
-             'log', 'udp',
+             'udp',
              'from', 'any', str(dnsport), 'to', 'any',
              'not', 'ipttl', '42')