On 7/29/2015 10:55 AM, Dovydas Sankauskas wrote: > Hi, > > I log most of my logged packets to PCAP format and the remaining few > packets using SYSLOG. > I am trying to limit logged packets to 64 Bytes. > > I have set my log like this: > > # cat params > LOG_PCAP=NFLOG\(1,64,1\) > LOG_TEXT=NFLOG\(2,0,1\) > > Unfortunately shorewall still logs full packets. > When I open /var/log/ulog/ulogd.pcap file with tcpdump I can see full > size packets. > > Please can you help? I'm afraid that I can't -- it appears that Shorewall is generating the correct rule (--nflog-range 64):
+-A ~log4 -m hashlimit --hashlimit-upto 5/min --hashlimit-name lograte --hashlimit-mode srcip --hashlimit-htable-expire 60000 -j NFLOG --nflog-group 1 --nflog-range 64 --nflog-threshold 1 --nflog-prefix ": dmz-net ACCEPT" I would check with the ulogd2 folks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
