search for: nflog

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #21 from Eric Leblond <eric at regit.org> --- Hello, (In reply to Netbug from comment #20) > Hi Eric, > > The new log; iptables-save_nflog_2 and the output I pasted for, > > cat /proc/net/netfilter/nf_log; > > All this is good now? All i see in the iptables rules regarding NFLOG is: -A INPUT -j NFLOG --nflog-prefix "Shorewall:INPUT:REJECT:" -A FORWARD -j NFLOG --nflog-prefix "Shorewall:FORWARD:REJECT...

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the NFLOG target? Thanks in advance! Erwin -------------------------------------...

...no chain name is given to the ''shorewall refresh'' command, the mangle table is refreshed along with the blacklist chain (if any). This allows you to modify /etc/shorewall/tcrules and install the changes using ''shorewall refresh''. 4) Support for the NFLOG log target has been added. NFLOG is a successor to ULOG. In addition, both ULOG and NFLOG may be followed by a list of up to three numbers in parentheses. The first number specifies the netlink group (1-32). If omitted (e.g., NFLOG(,0,10)) then a value of 1 is assumed. The sec...

...------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #27 from Netbug <b1b30ee4 at opayq.com> --- Hi Eric, The logging was my mistake, I truly apologize... I read this regarding NFLOG and the group; ``````````````````````` Shorewall 4) Support for the NFLOG log target has been added. NFLOG is a successor to ULOG. In addition, both ULOG and NFLOG may be followed by a list of up to three numbers in parentheses. The first number specifies the netlink group (1-32). If omitted (e...

...: pablo at netfilter.org Reporter: phil at nwl.cc The list of extensions returned from 'ebtables-nft -h list_extensions' is more than incomplete: | # ebtables -h list_extensions | ebtables v1.8.10 (nf_tables) | Loaded userspace extensions: | | Loaded targets: | nflog | log | | Loaded matches: Listing most extensions does not work: | # ebtables -h 802_3 | ebtables v1.8.10 (nf_tables): Extension '802_3' not found | Try `ebtables -h' or 'ebtables --help' for more information. Those that work, cause double free at program exit: |...

http://bugzilla.netfilter.org/show_bug.cgi?id=723 Summary: extensions/libxt_NFLOG.man definines invalid range for - -nflog-group Product: iptables Version: CVS (please indicate timestamp) Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: iptables...

https://bugzilla.netfilter.org/show_bug.cgi?id=921 Summary: log, ulog and nflog: command-line parameters are not supported Product: nftables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo...

https://bugzilla.netfilter.org/show_bug.cgi?id=945 Summary: Transmit performance regression with NAT and 3.14 Product: netfilter/iptables Version: unspecified Platform: x86_64 URL: http://www.linuxquestions.org/questions/linux-networki ng-3/linux-router-non-local-uploads-have-horrible-perf

...Priority: P5 Component: libnetfilter_log Assignee: netfilter-buglog at lists.netfilter.org Reporter: roa at eurotux.com libnetfilter_log produces lots of garbage to stdout, making programs that use its functions do that too. How to reproduce: # iptables -I INPUT -j NFLOG --nflog-group 16 # iptables -I FORWARD -j NFLOG --nflog-group 16 # iptables -I OUTPUT -j NFLOG --nflog-group 16 # /usr/bin/fprobe-ulog 127.0.0.1:8818/127.0.0.1 -n7 -U32768 -l2 [INFO]: Starting 1.2... [INFO]: pid: 26971 [INFO]: options: u=32768 s=5 g=30 d=60 e=300 n=7 a=0.0.0.0 M=0 b=10000 m=0 q=10...

...19 11:49:00 --- (In reply to comment #0) > I'm trying to set up a transparent firewall using ebtables and ulogd (under > Fedora 12 x86_64). A few days ago, I raised bug 651 re. ulogd 1.23. Since then, > I decided to try ulogd 2.0.0beta3 (as apparently I could then try using the > --nflog options in ebtables instead of the --ulog options.) This is proving a > lot more encouraging: the syslogemu plugin is working fine. However, when I try > to save the packets using the pcap plugin, I get lots of log messages like the > following: > > Wed May 12 15:33:25 2010 <7&gt...

...er.org/show_bug.cgi?id=977 --- Comment #6 from Netbug <b1b30ee4 at opayq.com> --- I upgraded to ulogd 2.0.4 & kernel 3.17.2 but these did not make a difference, here's how the output looks now; Sat Nov 1 17:07:03 2014 <5> ulogd.c:843 building new pluginstance stack: 'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU' Sat Nov 1 17:07:03 2014 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 2 Sat Nov 1 17:07:03 2014 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 1...

...illa.netfilter.org/show_bug.cgi?id=977 --- Comment #25 from Netbug <b1b30ee4 at opayq.com> --- Oh crap maybe I did screw this up, I didn't realize I needed to change a group. So you're saying it's showing it on 0 now and it needs to be on 1? I remember reading this before; Use NFLOG as your log level, and as with ULOG you can specify the group NFLOG(1,0,1). NFLOG may default to group 0? NFLOG(1,0,1) - this changes it to the group 1? -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubb...

...git.org> --- Hello, (In reply to Netbug from comment #25) > Oh crap maybe I did screw this up, I didn't realize I needed to change a > group. > > So you're saying it's showing it on 0 now and it needs to be on 1? > > I remember reading this before; > > Use NFLOG as your log level, and as with ULOG you can specify the > group NFLOG(1,0,1). NFLOG may default to group 0? > > NFLOG(1,0,1) - this changes it to the group 1? This is Shorewall configuration and I don't know it so I can not help. I'm closing the bug as it is not related to ulogd....

...ot; priority filter; policy accept; meta nftrace set 1 log group 31 udp sport 68 udp dport 67 counter packets 0 bytes 0 } } With virtio, captured packet : tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on nflog:30, link-type NFLOG (Linux netfilter log messages), snapshot length 262144 bytes 10:02:24.310780 version 0, resource ID 30, family Unknown (5), length 348: 0x0000: ffff ffff ffff e628 5968 daab 0800 4500 .......(Yh....E. 0x0010: 0148 e505 0000 4011 94a0 0000 0000 ffff .H.... at...

...ot; priority filter; policy accept; meta nftrace set 1 log group 31 udp sport 68 udp dport 67 counter packets 0 bytes 0 } } With virtio, captured packet : tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on nflog:30, link-type NFLOG (Linux netfilter log messages), snapshot length 262144 bytes 10:02:24.310780 version 0, resource ID 30, family Unknown (5), length 348: 0x0000: ffff ffff ffff e628 5968 daab 0800 4500 .......(Yh....E. 0x0010: 0148 e505 0000 4011 94a0 0000 0000 ffff .H.... at...

...timestamp) Platform: All OS/Version: All Status: NEW Severity: critical Priority: P5 Component: ulogd AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: bootc at bootc.net Estimated Hours: 0.0 ulogd_inppkt_NFLOG.c:start() has a bug in out_bind: out_bind: nflog_close(ui->nful_h); if (group_ce(upi->config_kset).u.value == 0) { nflog_unbind_pf(ui->nful_h, AF_INET); nflog_unbind_pf(ui->nful_h, AF_INET6); nflog_unbind_pf(ui->nful_h, AF_BRIDGE); } Essentially,...

...pecified extensions: libxt_TRACE: Add translation to nft extensions: libipt_realm: fix order of mask and id when do nft translation extensions: libxt_connlabel: fix crash when connlabel.conf is empty extensions: libxt_connlabel: Add translation to nft extensions: libxt_NFLOG: display nflog-size even if it is zero extensions: libxt_NFLOG: translate to nft log snaplen if nflog-size is specified extensions: libxt_NFLOG: add unit test to cover nflog-size with zero extensions: libxt_connlabel: add unit test iptables-translate: add in/out ifname wildc...

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #14 from Eric Leblond <eric at regit.org> --- (In reply to Netbug from comment #11) > Hi Eric, > > Thanks for getting back to me, really appreciate it. > > I'm not using NFLOG at the moment, so let me know if the iptables-save is > ok, without using it at the moment, along with the cat? OK, I really need to see how NFLOG is used. > > I've attached two logs for each... nf_log file content is not the good one, I only see the name of the file inside the fil...

https://bugzilla.netfilter.org/show_bug.cgi?id=977 --- Comment #22 from Netbug <b1b30ee4 at opayq.com> --- In shorewall I have NFLOG listed for the shorewall.conf and the policy file, this is the only place I put in the word NFLOG... Please see these attachements... -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http...

...+6000] 2011-08-28 16:42:47 kernel: ulogd[1585]: segfault at 90 ip 0804a012 sp bfbb1e20 error 4 in ulogd[8048000+6000] hmmm. valgrind won't run on this kern. ulogd logged this every time; nothing more init never completed. Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `NFLOG' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `NFCT' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IFINDEX' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering plugin `IP2STR' Sun Aug 28 16:40:24 2011 <5> ulogd.c:372 registering...