[1/2] firewall: Configure TRACE target to log to syslog
Commit Message
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/initscripts/system/firewall | 4 ++++
1 file changed, 4 insertions(+)
@@ -32,6 +32,10 @@ iptables_init() {
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
+ # Enable TRACE logging to syslog
+ modprobe nf_log_ipv4
+ sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
# Empty LOG_DROP and LOG_REJECT chains
iptables -N LOG_DROP
iptables -A LOG_DROP -m limit --limit 10/second -j LOG
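Review bot: The added `modprobe nf_log_ipv4` and `sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4` lines are not checked, so if the module cannot be loaded the script carries on and TRACE output is never logged. I would warn on failure, e.g. `modprobe nf_log_ipv4 || logger -t firewall "nf_log_ipv4 not loaded, TRACE logging unavailable"`. The bare index `2` is the protocol family (AF_INET), so the comment should say this binds the logger for IPv4 only: `# Enable TRACE logging to syslog (nf_log.2 = AF_INET, IPv4 only)`. Unlike the LOG_DROP rule just below with `-m limit --limit 10/second`, nothing visible here bounds TRACE log volume, so it is worth documenting that TRACE rules should be narrowly matched and removed after debugging. iptables_init starts and ends outside the hunk, so later handling may exist that is not visible here.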