Fix [SME: 12257]
parent
65a899e526
commit
d24edca890
@ -9,7 +9,7 @@
|
||||
elsif ($logging eq "all")
|
||||
{
|
||||
$OUT .= <<"HERE";
|
||||
/sbin/iptables --replace denylog 1 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
|
||||
/sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
|
||||
/sbin/iptables --replace denylog 2 --jump $target
|
||||
/sbin/iptables --replace denylog 3 --jump $target
|
||||
/sbin/iptables --replace denylog 4 --jump $target
|
||||
@ -22,7 +22,7 @@ HERE
|
||||
/sbin/iptables --replace denylog 1 -p udp --dport 520 --jump $target
|
||||
/sbin/iptables --replace denylog 2 -p udp --dport 137:139 --jump $target
|
||||
/sbin/iptables --replace denylog 3 -p tcp --dport 137:139 --jump $target
|
||||
/sbin/iptables --replace denylog 4 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
|
||||
/sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
|
||||
/sbin/iptables --replace denylog 5 --jump $target
|
||||
HERE
|
||||
}
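Review bot: The NFLOG rule that replaces ULOG (rule 1 in the `all` branch and rule 4 in the second hunk) still logs every denied packet with no rate limit, so a burst of dropped traffic from any remote host turns directly into ulogd load and log growth. If complete deny logs are not a requirement, consider a limit match on the logging rule only, for example `/sbin/iptables --replace denylog 1 -m limit --limit 10/second --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"` (the rate is an illustrative value), leaving the `--jump $target` rules untouched so the verdict does not change. The group number here has to stay equal to `group=` in the ulogd `[log2]` section, and a comment saying so next to the rule would help. The heredoc and the enclosing `if`/`elsif` chain start and end outside these hunks.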
|
||||
|
@ -1,7 +1,9 @@
|
||||
[global]
|
||||
# Not necessarily required
|
||||
nlgroup=1
|
||||
|
||||
logfile=/var/log/ulogd/ulogd.log
|
||||
loglevel=5
|
||||
loglevel=1
|
||||
rmem=131071
|
||||
bufsize=150000
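Review bot: `loglevel=1` appears to be the value this change leaves in `[global]`, and in ulogd level 1 is debug verbosity (5, the other value shown, is notice), which makes the daemon's own log at `/var/log/ulogd/ulogd.log` much noisier than production needs. The rendered page has lost its +/- markers, so which of the two `loglevel` lines is the new one is inferred from print order; if it is `loglevel=1`, restore `loglevel=5` before release. `nlgroup=1` under `[global]` looks left over from the ULOG setup and is worth a comment or removal now that the input is NFLOG.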
|
||||
|
||||
|
@ -9,11 +9,11 @@
|
||||
# 1. load the plugins _first_ from the global section
|
||||
# 2. options for each plugin in seperate section below
|
||||
|
||||
#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
|
||||
plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
|
||||
#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
|
||||
plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
|
||||
#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
|
||||
plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
|
||||
#plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
|
||||
#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
|
||||
plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
|
||||
plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
|
||||
#plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
|
||||
#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so"
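Review bot: `ulogd_inppkt_UNIXSOCK.so` looks to be switched on together with NFLOG, yet no enabled `stack=` line shown on this page uses a UNIXSOCK input, so the plugin would be loaded without a consumer. Loading only what a stack needs keeps the daemon's input surface small; keep the line as `#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"` unless a UNIXSOCK stack is planned. Which lines are on the new side is inferred from the hunk's 11/11 line counts and the print order, since the +/- column is missing.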
|
||||
|
@ -1,4 +1,16 @@
|
||||
|
||||
#our base stack ULOG to LOGEMU
|
||||
stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
|
||||
# reetp which one of these do we need?
|
||||
# I think log2
|
||||
|
||||
# this is a stack for logging packet send by system via LOGEMU
|
||||
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
|
||||
|
||||
# this is a stack for packet-based logging via LOGEMU
|
||||
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
|
||||
|
||||
# this is a stack for ULOG packet-based logging via LOGEMU
|
||||
# reetp - non functioning
|
||||
#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
|
||||
|
||||
# this is a stack for packet-based logging via LOGEMU with filtering on MARK
|
||||
#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
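Review bot: The working notes `# reetp which one of these do we need?` and `# I think log2` leave an open question in a shipped firewall-logging config. Replace them with the reason for the choice, e.g. `# log2 is the NFLOG instance with group=1, matching --nflog-group 1 in the denylog iptables rules`. The `# reetp - non functioning` line would read better as a note that the ULOG stack is kept commented out for reference only.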
|
||||
|
@ -1,10 +1,75 @@
|
||||
# Logging of system packet through NFLOG
|
||||
[log1]
|
||||
# netlink multicast group (the same as the iptables --nflog-group param)
|
||||
# Group O is used by the kernel to log connection tracking invalid message
|
||||
group=0
|
||||
#netlink_socket_buffer_size=217088
|
||||
#netlink_socket_buffer_maxsize=1085440
|
||||
# set number of packet to queue inside kernel
|
||||
#netlink_qthreshold=1
|
||||
# set the delay before flushing packet in the queue inside kernel (in 10ms)
|
||||
#netlink_qtimeout=100
|
||||
|
||||
# packet logging through NFLOG for group 1
|
||||
[log2]
|
||||
# netlink multicast group (the same as the iptables --nflog-group param)
|
||||
group=1 # Group has to be different from the one use in log1
|
||||
#netlink_socket_buffer_size=217088
|
||||
#netlink_socket_buffer_maxsize=1085440
|
||||
# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
|
||||
# group 0 is not used by any stack, you need to have at least one NFLOG
|
||||
# input plugin with bind set to 1. If you don't do that you may not
|
||||
# receive any message from the kernel.
|
||||
#bind=1
|
||||
|
||||
# packet logging through NFLOG for group 2, numeric_label is
|
||||
# set to 1
|
||||
[log3]
|
||||
# netlink multicast group (the same as the iptables --nflog-group param)
|
||||
group=2 # Group has to be different from the one use in log1/log2
|
||||
numeric_label=1 # you can label the log info based on the packet verdict
|
||||
#netlink_socket_buffer_size=217088
|
||||
#netlink_socket_buffer_maxsize=1085440
|
||||
#bind=1
|
||||
|
||||
[ulog1]
|
||||
# denylog:
|
||||
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
|
||||
nlgroup=1
|
||||
|
||||
#numeric_label=0 # optional argument
|
||||
|
||||
[emu1]
|
||||
file="/var/log/iptables/denylog.log"
|
||||
file="/var/log/ulogd/syslogemu.log"
|
||||
sync=1
|
||||
|
||||
[json1]
|
||||
sync=1
|
||||
#file="/var/log/ulogd.json"
|
||||
#timestamp=0
|
||||
# device name to be used in JSON message
|
||||
#device="My awesome Netfilter firewall"
|
||||
# If boolean_label is set to 1 then the numeric_label put on packet
|
||||
# by the input plugin is coding the action on packet: if 0, then
|
||||
# packet has been blocked and if non null it has been accepted.
|
||||
#boolean_label=1
|
||||
# Uncomment the following line to use JSON v1 event format that
|
||||
# can provide better compatility with some JSON file reader.
|
||||
#eventv1=1
|
||||
# Uncomment the following lines to send the JSON logs to a remote host via UDP
|
||||
#mode="udp"
|
||||
#host="192.0.2.10"
|
||||
#port="10210"
|
||||
# Uncomment the following lines to send the JSON logs to a remote host via TCP
|
||||
#mode="tcp"
|
||||
#host="192.0.2.10"
|
||||
#port="10210"
|
||||
# Uncomment the following lines to send the JSON logs to a local unix socket
|
||||
#mode="unix"
|
||||
#file="/var/run/ulogd.socket"
|
||||
|
||||
[pcap1]
|
||||
#default file is /var/log/ulogd.pcap
|
||||
#file="/var/log/ulogd.pcap"
|
||||
sync=1
|
||||
|
||||
[mark1]
|
||||
mark = 1
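Review bot: `[emu1]` shows two `file=` values, `/var/log/iptables/denylog.log` and `/var/log/ulogd/syslogemu.log`, and the page no longer shows which side each is on. If both are on the new side the key is duplicated and the effective path depends on the parser; if the second replaces the first, denied-packet logs move away from `/var/log/iptables/denylog.log`, and log rotation or any monitoring that reads that file will silently stop seeing them. Keep a single `file=` line and say in a comment above it which path consumers are expected to read.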
|
||||
|
@ -4,7 +4,7 @@ Summary: smeserver server and gateway - packetfilter add-on
|
||||
%define name smeserver-packetfilter
|
||||
Name: %{name}
|
||||
%define version 11.0.0
|
||||
%define release 4
|
||||
%define release 5
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
@ -27,8 +27,11 @@ Provides: e-smith-packetfilter
|
||||
smeserver server and gateway software - packetfilter add-on
|
||||
|
||||
%changelog
|
||||
* Fri Apr 12 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-5.sme
|
||||
- Migrate from ULOG to NFLOG [SME: 12557]
|
||||
|
||||
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme
|
||||
- Update createlinks to create smeserver-package-update event[SME: 12579]
|
||||
- Update createlinks to create smeserver-package-update event [SME: 12579]
|
||||
|
||||
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-3.sme
|
||||
- Set license file to GPL2.0 [SME: 12577]
|
||||
@ -53,7 +56,7 @@ smeserver server and gateway software - packetfilter add-on
|
||||
Fri Apr 09 2007 --> Fri Apr 06 2007 or Mon Apr 09 2007 or Fri Apr 13 2007 or ....
|
||||
|
||||
* Mon Nov 15 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-8.sme
|
||||
- restrict VPN networks to their interface [SME: 11640]
|
||||
- restrict VPN networks to their interface [SME: 11640]
|
||||
remove remoteVPNSubnet property added VPNif property
|
||||
|
||||
* Wed Apr 07 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-7.sme
|
||||
@ -99,7 +102,7 @@ smeserver server and gateway software - packetfilter add-on
|
||||
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
|
||||
- Clean up spec so package can be built by koji/plague
|
||||
|
||||
* Fri Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
|
||||
* Mon Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
|
||||
- Fix masq error in server only mode (cannot open UDPPort) [SME: 2812]
|
||||
|
||||
* Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 1.18.0-4
|
||||
|