On 3/15/24 10:17, Uwe B wrote:
Hello,
after solving my "dropped icmpv6" issues there still is the issue of the
missing log entries.
...
Is there a way to specify an nflog--group somewhere in the shorewall
configuration so that *all* logs are sent there?
Or is there another solution for this?
the solution is to read the man-pages carefully.
Coming from a very old version of shorewall (3.xx?) over the years and
copying the config files every update, I missed one place where I had
not changed
LOG_LEVEL="NFLOG" ==> this needs to go
and
RPFILTER_LOG_LEVEL="$LOG_LEVEL" ==> this needs to be "$LOG"
so my LOG="NFLOG(6,0,1)" in params was ignored for certain logs and the
NFLOG without parameters logs to group 0...
Kind regards,
Uwe
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
