netfilter buglog - Jun 2016 - [Bug 1076] New: trace target docs could be better

https://bugzilla.netfilter.org/show_bug.cgi?id=1076

            Bug ID: 1076
           Summary: trace target docs could be better
           Product: iptables
           Version: 1.4.x
          Hardware: x86_64
                OS: Fedora
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: justin at devuyst.com

I had a really hard time getting TRACE logging to work.
I guess the problem is a combination of the fact that
I'm not a hardcore sa and that the TRACE docs (
in the iptables-extensions manpage) mentioned
"ip(6)t_LOG or nfnetlink_log".  When I saw that
the rule was matching I then started to search
for ipt_LOG which turned out to be unfruitful.
Eventually someone on irc gave me the right
answer which was:
modprobe nf_log_ipv4;
sysctl net.netfilter.nf_log.2=nf_log_ipv4;
and then it worked.  Maybe the docs for TRACE
could be enhanced to include info like this or
at least pointers to the casual sa where to look.
I'm on fedora 24 which seems to be using
iptables v1.4.21.

Thanks,
jdv

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160625/b700e79e/attachment.html>