[PATCH 1/2] firewall: Configure TRACE target to log to syslog

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH 1/2] firewall: Configure TRACE target to log to syslog
@ 2020-06-29 14:53 Michael Tremer
  2020-06-29 14:53 ` [PATCH 2/2] Revert "sysctl: Load nf_log_ipv4 as default logging module for TRACE target" Michael Tremer
  0 siblings, 1 reply; 2+ messages in thread
From: Michael Tremer @ 2020-06-29 14:53 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 668 bytes --]

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 src/initscripts/system/firewall | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index b0890c717..ab3a0bbf9 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@ iptables_init() {
 	iptables -P FORWARD DROP
 	iptables -P OUTPUT ACCEPT
 
+	# Enable TRACE logging to syslog
+	modprobe nf_log_ipv4
+	sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
 	# Empty LOG_DROP and LOG_REJECT chains
 	iptables -N LOG_DROP
 	iptables -A LOG_DROP   -m limit --limit 10/second -j LOG
-- 
2.20.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* [PATCH 2/2] Revert "sysctl: Load nf_log_ipv4 as default logging module for TRACE target"
  2020-06-29 14:53 [PATCH 1/2] firewall: Configure TRACE target to log to syslog Michael Tremer
@ 2020-06-29 14:53 ` Michael Tremer
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2020-06-29 14:53 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1316 bytes --]

This reverts commit 224adebdc44dece1e21193dd7ab4090e102349e8.

The configuration could not be loaded here, because the nf_log_ipv4
kernel module wasn't loaded, yet.

Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
 config/etc/sysctl.conf                    | 3 ---
 config/rootfiles/core/147/filelists/files | 1 -
 2 files changed, 4 deletions(-)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 98a0dbe63..7e7ebee44 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -34,9 +34,6 @@ net.ipv6.conf.default.disable_ipv6 = 1
 # Enable netfilter accounting
 net.netfilter.nf_conntrack_acct=1
 
-# Enable TRACE logging to syslog
-net.netfilter.nf_log.2=nf_log_ipv4
-
 # Disable netfilter on bridges.
 net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-iptables = 0
diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files
index fe33d7d71..13e6e04aa 100644
--- a/config/rootfiles/core/147/filelists/files
+++ b/config/rootfiles/core/147/filelists/files
@@ -10,6 +10,5 @@ etc/rc.d/init.d/functions
 etc/rc.d/init.d/networking/any
 etc/rc.d/init.d/networking/red
 etc/rc.d/init.d/partresize
-etc/sysctl.conf
 var/ipfire/header.pl
 var/ipfire/general-functions.pl
-- 
2.20.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2020-06-29 14:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-29 14:53 [PATCH 1/2] firewall: Configure TRACE target to log to syslog Michael Tremer
2020-06-29 14:53 ` [PATCH 2/2] Revert "sysctl: Load nf_log_ipv4 as default logging module for TRACE target" Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox