Signed-off-by: Michael Tremer michael.tremer@ipfire.org
---
 src/initscripts/system/firewall | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index b0890c717..ab3a0bbf9 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@ iptables_init() {
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT

+ # Enable TRACE logging to syslog
+ modprobe nf_log_ipv4
+ sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
 # Empty LOG_DROP and LOG_REJECT chains
 iptables -N LOG_DROP
 iptables -A LOG_DROP -m limit --limit 10/second -j LOG
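Review bot: The added `modprobe nf_log_ipv4` and `sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4` lines ignore their exit status, so if the module cannot be loaded the firewall still comes up, but TRACE output never reaches syslog and nobody is told. That gap would only be noticed when someone needs the trace for rule debugging or an investigation. Chain the two commands and report failure, for example `modprobe nf_log_ipv4 && sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4 || echo "firewall: TRACE logging to syslog not enabled" >&2`. The comment could also say that the `2` in `nf_log.2` is the protocol family number for IPv4, so this line presumably does not cover IPv6 TRACE output. The body of iptables_init continues outside the hunk.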
This reverts commit 224adebdc44dece1e21193dd7ab4090e102349e8.
The configuration could not be loaded here because the nf_log_ipv4 kernel module was not loaded yet.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
---
 config/etc/sysctl.conf | 3 ---
 config/rootfiles/core/147/filelists/files | 1 -
 2 files changed, 4 deletions(-)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 98a0dbe63..7e7ebee44 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -34,9 +34,6 @@ net.ipv6.conf.default.disable_ipv6 = 1
 # Enable netfilter accounting
 net.netfilter.nf_conntrack_acct=1

-# Enable TRACE logging to syslog
-net.netfilter.nf_log.2=nf_log_ipv4
-
 # Disable netfilter on bridges.
 net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-iptables = 0
diff --git a/config/rootfiles/core/147/filelists/files b/config/rootfiles/core/147/filelists/files
index fe33d7d71..13e6e04aa 100644
--- a/config/rootfiles/core/147/filelists/files
+++ b/config/rootfiles/core/147/filelists/files
@@ -10,6 +10,5 @@ etc/rc.d/init.d/functions
 etc/rc.d/init.d/networking/any
 etc/rc.d/init.d/networking/red
 etc/rc.d/init.d/partresize
-etc/sysctl.conf
 var/ipfire/header.pl
 var/ipfire/general-functions.pl