From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 1/2] firewall: Configure TRACE target to log to syslog Date: Mon, 29 Jun 2020 14:53:17 +0000 Message-ID: <20200629145318.7339-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6166517413309063315==" List-Id: --===============6166517413309063315== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Signed-off-by: Michael Tremer
---
 src/initscripts/system/firewall | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index b0890c717..ab3a0bbf9 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@ iptables_init() {
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 
+ # Enable TRACE logging to syslog
+ modprobe nf_log_ipv4
+ sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
 # Empty LOG_DROP and LOG_REJECT chains
 iptables -N LOG_DROP
 iptables -A LOG_DROP -m limit --limit 10/second -j LOG
-- 2.20.1 --===============6166517413309063315==--
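Review bot: The `2` in `net.netfilter.nf_log.2` is the protocol-family index (AF_INET), so the added lines bind a logger for IPv4 only, and the comment should say so, e.g. `# Bind the IPv4 (AF_INET = 2) netfilter logger so TRACE output reaches syslog`. Neither `modprobe` nor `sysctl` is checked: if the module is unavailable the sysctl write fails and tracing silently yields nothing, so chaining them as `modprobe nf_log_ipv4 && sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4` and reporting a failure would make that visible. Unlike the `LOG_DROP` rule just below with `--limit 10/second`, TRACE output carries no rate limit, so the comment should also note that any TRACE rule added later needs a narrow match to keep syslog from being flooded. `iptables_init` starts and ends outside the hunk.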