On 12/16/2015 10:06 PM, Norman Henderson wrote:
> I tore my hair out for several days because, although shorewall iptrace
> produced the appropriate rules as shown by iptables -n -t raw -L
> PREROUTING and iptables -n -t raw -L POSTROUTING, nothing was recorded
> in /var/log/kern.log.
>
> It turned out that my system (Ubuntu 14.04.1 LTS, kernel 3.16.0-51) had
> the value ipt_ULOG in /proc/net/netfilter/nf_log line 2. This can be
> seen / changed through: sysctl.
>
> I didn't have time to figure out how ULOG works and how to make it work,
> so the simplest solution was to run sysctl net.netfilter.nf_log.2=ipt_LOG
>
> Perhaps this will be of use to someone else, and, perhaps someone can
> add a comment about a better solution that will be permanent. This sysctl
> setting has to be repeated after reboots.
>

Check out the LOG_BACKEND option in shorewall.conf, if your version of
Shorewall is recent enough to support that option. Otherwise, you can
always put it in /etc/sysctl.conf.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
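
The check discussed in this thread, as an added example that is not part of either message: it reads the nf_log table, reports whether the wanted backend is active for a protocol family, and prints the setting to apply only if that backend is actually registered. The helper name nf_log_check, the sample table and the assumed line layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Each line of /proc/net/netfilter/nf_log
# is assumed to read: "<family> <active backend> (<registered,backends>)".

# Constructed sample reproducing the state described above (family 2 = IPv4).
SAMPLE_NF_LOG=' 0 NONE ()
 1 NONE ()
 2 ipt_ULOG (ipt_ULOG,ipt_LOG)
 3 NONE ()'

# nf_log_check FAMILY WANTED [FILE]   (hypothetical helper name)
# Exit status:
#   0  WANTED is already the active backend
#   1  WANTED is registered but not active; prints the sysctl setting that
#      selects it (usable with sysctl or as a line in /etc/sysctl.conf)
#   2  WANTED is not registered for FAMILY, so the setting would not help
#   3  FAMILY has no entry in FILE, or FILE could not be read
nf_log_check() {
    fam=$1 want=$2 file=${3:-/proc/net/netfilter/nf_log}
    line=$(awk -v fam="$fam" '$1 == fam { print $2, $3; exit }' "$file") || return 3
    [ -n "$line" ] || { echo "no entry for family $fam in $file" >&2; return 3; }
    active=${line%% *}                          # second column
    avail=${line#* }                            # "(a,b,...)"
    avail=${avail#\(}; avail=${avail%\)}        # strip the parentheses
    [ "$active" = "$want" ] && return 0
    case ",$avail," in
        *",$want,"*) echo "net.netfilter.nf_log.$fam=$want"; return 1 ;;
    esac
    echo "$want is not registered for family $fam (active: $active)" >&2
    return 2
}

# Demo on the constructed sample; on a live host omit the file argument.
demo=$(mktemp) && printf '%s\n' "$SAMPLE_NF_LOG" > "$demo"
nf_log_check 2 ipt_LOG "$demo" || echo "exit status $?"
rm -f "$demo"
```

Status 2 is the case worth catching before editing /etc/sysctl.conf: a backend name that is not in the parenthesised list for that family is not available to select.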
