I have several INLINE statements in my mangle like this:
; -j NFLOG --nflog-prefix "network-daemon" --nflog-group $XYZ_VPN1_NFLOG
Would this be a good candidate for a NFLOG action for the mangle file?
I find NFLOG in the mangle table useful for IPSEC tunnels. Due to the way IPSEC tunnels work, with 'tcpdump' you can only see what this server receives. I have to login to the other side to see what the other server receives. But with NFLOG I can tcpdump both sides of the conversation:
INLINE $XYZ_VPN1_IF:$xyz_net $FW:$lan4_ip1 icmp { test=!0/$ND_PING_MASK } ; -j NFLOG --nflog-prefix "network-daemon" --nflog-group $XYZ_VPN1_NFLOG
INLINE $FW:$lan4_ip1 $XYZ_VPN1_IF:$xyz_net icmp { test=!0/$ND_PING_MASK } ; -j NFLOG --nflog-prefix "network-daemon" --nflog-group $XYZ_VPN1_NFLOG
params:
XYZ_VPN1_NFLOG=1202
then:
tcpdump -i nflog:1202
Bill
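As an added illustration (not part of Bill's post and not Shorewall's own code), the script below emits the raw iptables commands that the two INLINE mangle rules above amount to, plus the matching tcpdump invocation. It assumes Shorewall's default chain placement for mangle rules (PREROUTING for a non-$FW source, OUTPUT when the source is $FW), renders the `test=!0/$ND_PING_MASK` column as `-m mark ! --mark 0/MASK`, and uses constructed sample values for the interface, subnet, address and mask; the function names `nflog_rules` and `capture_cmd` are this example's own.

```shell
#!/bin/sh
# Added example: iptables equivalent of the post's two INLINE mangle rules.
# Chain placement (PREROUTING / OUTPUT) and all sample values are assumptions.

# Print the two NFLOG rules for one IPsec tunnel, one per direction.
# NFLOG is a non-terminating target: the packet is copied to user space on the
# given group and then continues down the chain, so nothing is dropped or
# rerouted by adding these rules.
nflog_rules() {
    iface=$1      # tunnel-facing interface (the post's $XYZ_VPN1_IF)
    remote=$2     # remote subnet reachable through the tunnel ($xyz_net)
    local_ip=$3   # this firewall's address ($lan4_ip1)
    group=$4      # NFLOG group number ($XYZ_VPN1_NFLOG)
    mask=$5       # packet-mark mask from the TEST column ($ND_PING_MASK)

    # remote -> firewall, as in: INLINE $XYZ_VPN1_IF:$xyz_net $FW:$lan4_ip1 icmp { test=!0/MASK }
    printf 'iptables -t mangle -A PREROUTING -i %s -s %s -d %s -p icmp -m mark ! --mark 0/%s -j NFLOG --nflog-prefix "network-daemon" --nflog-group %s\n' \
        "$iface" "$remote" "$local_ip" "$mask" "$group"

    # firewall -> remote, as in: INLINE $FW:$lan4_ip1 $XYZ_VPN1_IF:$xyz_net icmp { test=!0/MASK }
    printf 'iptables -t mangle -A OUTPUT -o %s -s %s -d %s -p icmp -m mark ! --mark 0/%s -j NFLOG --nflog-prefix "network-daemon" --nflog-group %s\n' \
        "$iface" "$local_ip" "$remote" "$mask" "$group"
}

# Print the tcpdump command that reads the NFLOG group as a pseudo-interface
# (requires a libpcap built with netfilter_log support).
capture_cmd() {
    printf 'tcpdump -nn -i nflog:%s\n' "$1"
}

# Constructed sample values standing in for the post's params entries.
XYZ_VPN1_IF=eth1
xyz_net=10.9.0.0/24
lan4_ip1=192.168.4.1
XYZ_VPN1_NFLOG=1202
ND_PING_MASK=0x10

nflog_rules "$XYZ_VPN1_IF" "$xyz_net" "$lan4_ip1" "$XYZ_VPN1_NFLOG" "$ND_PING_MASK"
capture_cmd "$XYZ_VPN1_NFLOG"
```

Run it to see the generated commands; pipe the first two into a root shell to apply them, then start the tcpdump line in another terminal. Because the mangle rules see the packet after IPsec decryption (inbound) and before encryption (outbound), the capture on `nflog:1202` shows cleartext ICMP in both directions, which is what the post is after.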
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users