I tore my hair out for several days because, although shorewall iptrace produced the appropriate rules as shown by iptables -n -t raw -L PREROUTING and iptables -n -t raw -L POSTROUTING, nothing was recorded in /var/log/kern.log.
It turned out that my system (Ubuntu 14.04.1 LTS, kernel 3.16.0-51) had the value ipt_ULOG in /proc/net/netfilter/nf_log line 2. This can be seen / changed through sysctl. I didn't have time to figure out how ULOG works and how to make it work, so the simplest solution was to run

    sysctl net.netfilter.nf_log.2=ipt_LOG

Perhaps this will be of use to someone else, and perhaps someone can add a comment about a better solution that will be permanent. This sysctl setting has to be repeated after reboots.
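The check described in the message above, as an added example that is not part of the original post: it reads the nf_log table and reports whether the expected logger is bound to a protocol family. The function names, the sample table and the assumed line format "<family> <bound logger> (<registered loggers>)" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): report which nf_log backend is
# bound to a protocol family and whether it is the expected one.
# Assumed line format: "<family> <bound logger> (<registered loggers>)".

NF_LOG_FILE=/proc/net/netfilter/nf_log

# Constructed sample matching the situation in the post: family 2 (IPv4)
# is bound to ipt_ULOG although ipt_LOG is also registered.
sample_nf_log() {
    cat <<'EOF'
 0 NONE (nfnetlink_log)
 1 NONE (nfnetlink_log)
 2 ipt_ULOG (ipt_ULOG,ipt_LOG,nfnetlink_log)
 3 NONE (nfnetlink_log)
10 NONE (nfnetlink_log)
EOF
}

# nf_log_bound FAMILY [FILE]: print the logger bound to FAMILY; fail if absent.
nf_log_bound() {
    awk -v fam="$1" '$1 == fam { print $2; found = 1 }
                     END { exit !found }' "${2:-$NF_LOG_FILE}"
}

# nf_log_check FAMILY EXPECTED [FILE]: 0 = expected logger bound,
# 1 = another logger bound, 2 = family not listed.
nf_log_check() {
    bound=$(nf_log_bound "$1" "$3") || { echo "family $1: not listed"; return 2; }
    if [ "$bound" = "$2" ]; then
        echo "family $1: bound to $bound"
        return 0
    fi
    echo "family $1: bound to $bound, expected $2"
    echo "fix (as root): sysctl net.netfilter.nf_log.$1=$2"
    return 1
}

# Demo on the constructed sample; on a real host call: nf_log_check 2 ipt_LOG
demo=$(mktemp)
sample_nf_log > "$demo"
nf_log_check 2 ipt_LOG "$demo" || true
rm -f "$demo"
```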
