[1/2] firewall: Configure TRACE target to log to syslog

Message ID 20200629145318.7339-1-michael.tremer@ipfire.org
State Accepted
Commit 78b65ea7e39c89573b7bf60c5d55b925363de832
Series [1/2] firewall: Configure TRACE target to log to syslog

Commit Message

Michael Tremer June 29, 2020, 2:53 p.m. UTC
  Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/firewall | 4 ++++
 1 file changed, 4 insertions(+)
  

Patch

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index b0890c717..ab3a0bbf9 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@  iptables_init() {
 	iptables -P FORWARD DROP
 	iptables -P OUTPUT ACCEPT
 
+	# Enable TRACE logging to syslog
+	modprobe nf_log_ipv4
+	sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
 	# Empty LOG_DROP and LOG_REJECT chains
 	iptables -N LOG_DROP
 	iptables -A LOG_DROP   -m limit --limit 10/second -j LOG
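
Review bot: The two added commands in iptables_init() run unconditionally and neither result is checked, so if `modprobe nf_log_ipv4` fails, the `sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4` that follows is attempted anyway and nothing in the script records that TRACE logging was not set up. Consider running the sysctl only when modprobe succeeds and reporting the failure. The `2` in `net.netfilter.nf_log.2` is the protocol family number for IPv4; the comment should say so, and should also state that only IPv4 is bound here. The commit message has no body, so a sentence on why TRACE output should go to syslog would help later readers. Finally, the LOG_DROP rule just below is rate-limited with `-m limit --limit 10/second`, while TRACE output has no equivalent limit in this hunk; it is worth noting in the comment that a broad TRACE rule can flood syslog and should be scoped narrowly and removed after debugging.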