Fix [SME: 12257]

This commit is contained in:
John Crisp 2024-04-12 13:50:48 +02:00
parent 65a899e526
commit d24edca890
6 changed files with 98 additions and 16 deletions

View File

@ -9,7 +9,7 @@
elsif ($logging eq "all")
{
$OUT .= <<"HERE";
/sbin/iptables --replace denylog 1 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
/sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
/sbin/iptables --replace denylog 2 --jump $target
/sbin/iptables --replace denylog 3 --jump $target
/sbin/iptables --replace denylog 4 --jump $target
@ -22,7 +22,7 @@ HERE
/sbin/iptables --replace denylog 1 -p udp --dport 520 --jump $target
/sbin/iptables --replace denylog 2 -p udp --dport 137:139 --jump $target
/sbin/iptables --replace denylog 3 -p tcp --dport 137:139 --jump $target
/sbin/iptables --replace denylog 4 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
/sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
/sbin/iptables --replace denylog 5 --jump $target
HERE
}

View File

@ -1,7 +1,9 @@
[global]
# Not necessarily required
nlgroup=1
logfile=/var/log/ulogd/ulogd.log
loglevel=5
loglevel=1
rmem=131071
bufsize=150000

View File

@ -9,11 +9,11 @@
# 1. load the plugins _first_ from the global section
# 2. options for each plugin in seperate section below
#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
#plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
#plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so"

View File

@ -1,4 +1,16 @@
#our base stack ULOG to LOGEMU
stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# reetp which one of these do we need?
# I think log2
# this is a stack for logging packet send by system via LOGEMU
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for packet-based logging via LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for ULOG packet-based logging via LOGEMU
# reetp - non functioning
#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for packet-based logging via LOGEMU with filtering on MARK
#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

View File

@ -1,10 +1,75 @@
# Logging of system packet through NFLOG
[log1]
# netlink multicast group (the same as the iptables --nflog-group param)
# Group O is used by the kernel to log connection tracking invalid message
group=0
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
# set number of packet to queue inside kernel
#netlink_qthreshold=1
# set the delay before flushing packet in the queue inside kernel (in 10ms)
#netlink_qtimeout=100
# packet logging through NFLOG for group 1
[log2]
# netlink multicast group (the same as the iptables --nflog-group param)
group=1 # Group has to be different from the one use in log1
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
# group 0 is not used by any stack, you need to have at least one NFLOG
# input plugin with bind set to 1. If you don't do that you may not
# receive any message from the kernel.
#bind=1
# packet logging through NFLOG for group 2, numeric_label is
# set to 1
[log3]
# netlink multicast group (the same as the iptables --nflog-group param)
group=2 # Group has to be different from the one use in log1/log2
numeric_label=1 # you can label the log info based on the packet verdict
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#bind=1
[ulog1]
# denylog:
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup=1
#numeric_label=0 # optional argument
[emu1]
file="/var/log/iptables/denylog.log"
file="/var/log/ulogd/syslogemu.log"
sync=1
[json1]
sync=1
#file="/var/log/ulogd.json"
#timestamp=0
# device name to be used in JSON message
#device="My awesome Netfilter firewall"
# If boolean_label is set to 1 then the numeric_label put on packet
# by the input plugin is coding the action on packet: if 0, then
# packet has been blocked and if non null it has been accepted.
#boolean_label=1
# Uncomment the following line to use JSON v1 event format that
# can provide better compatility with some JSON file reader.
#eventv1=1
# Uncomment the following lines to send the JSON logs to a remote host via UDP
#mode="udp"
#host="192.0.2.10"
#port="10210"
# Uncomment the following lines to send the JSON logs to a remote host via TCP
#mode="tcp"
#host="192.0.2.10"
#port="10210"
# Uncomment the following lines to send the JSON logs to a local unix socket
#mode="unix"
#file="/var/run/ulogd.socket"
[pcap1]
#default file is /var/log/ulogd.pcap
#file="/var/log/ulogd.pcap"
sync=1
[mark1]
mark = 1

View File

@ -4,7 +4,7 @@ Summary: smeserver server and gateway - packetfilter add-on
%define name smeserver-packetfilter
Name: %{name}
%define version 11.0.0
%define release 4
%define release 5
Version: %{version}
Release: %{release}%{?dist}
License: GPL
@ -27,8 +27,11 @@ Provides: e-smith-packetfilter
smeserver server and gateway software - packetfilter add-on
%changelog
* Fri Apr 12 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-5.sme
- Migrate from ULOG to NFLOG [SME: 12557]
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme
- Update createlinks to create smeserver-package-update event[SME: 12579]
- Update createlinks to create smeserver-package-update event [SME: 12579]
* Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-3.sme
- Set license file to GPL2.0 [SME: 12577]
@ -53,7 +56,7 @@ smeserver server and gateway software - packetfilter add-on
Fri Apr 09 2007 --> Fri Apr 06 2007 or Mon Apr 09 2007 or Fri Apr 13 2007 or ....
* Mon Nov 15 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-8.sme
- restrict VPN networks to their interface [SME: 11640]
- restrict VPN networks to their interface [SME: 11640]
remove remoteVPNSubnet property added VPNif property
* Wed Apr 07 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-7.sme
@ -99,7 +102,7 @@ smeserver server and gateway software - packetfilter add-on
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
- Clean up spec so package can be built by koji/plague
* Fri Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
* Mon Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
- Fix masq error in server only mode (cannot open UDPPort) [SME: 2812]
* Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 1.18.0-4