Thank you Tom! On Fri, Dec 18, 2015 at 2:20 AM, Tom Eastep <[email protected]> wrote:
> On 12/16/2015 10:06 PM, Norman Henderson wrote: > > I tore my hair out for several days because, although shorewall iptrace > > produced the appropriate rules as shown by iptables -n -t raw -L > > PREROUTING and iptables -n -t raw -L POSTROUTING, nothing was recorded > > in /var/log/kern.log. > > > > It turned out, that my system (Ubuntu 14.04.1 LTS, kernel 3.16.0-51) had > > the value ipt_ULOG in /proc/net/netfilter/nf_log line 2. This can be > > seen / changed through: sysctl. > > > > I didn't have time to figure out how ULOG works and how to make it work, > > so the simplest solution was to run sysctl net.netfilter.nf_log.2=ipt_LOG > > > > Perhaps this will be of use to someone else, and, perhaps someone can > > add comment about a better solution that will be permanent. This sysctl > > setting has to be repeated after reboots. > > > > Check out the LOG_BACKEND option in shorewall.conf, if your version of > Shorewall is recent enough to support that option. Otherwise, you can > always put it in /etc/sysctl.conf. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > ------------------------------------------------------------------------------ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
