* Wed Jan 15 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme

- remove Requires: daemontools [SME: 12566]

.gitignore

@@ -2,3 +2,4 @@
 *.log
 *spec-20*
 *.tar.xz
+*.bak

README.md

@@ -6,7 +6,14 @@ SMEServer Koozali developed git repo for smeserver-packetfilter smeserver
 <br />https://wiki.koozali.org/
 
 ## Bugzilla
-Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-packetfilter&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)\
+Show list of outstanding bugs:
+[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-packetfilter&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
 And a list of outstanding Legacy bugs: (e-smith-packetfilter) [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-packetfilter&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
 
 ## Description

contriborbase

@@ -1 +0,0 @@
-sme10

root/etc/dnf/plugins/post-transaction-actions.d/ulogd.action

@@ -0,0 +1 @@
+ulogd:any:/sbin/e-smith/signal-event smeserver-packetfilter-update

root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog

@@ -9,7 +9,7 @@
     elsif ($logging eq "all")
     {
         $OUT .= <<"HERE";
-    /sbin/iptables --replace denylog 1 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
+    /sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 0 --nflog-prefix \"denylog:\"
     /sbin/iptables --replace denylog 2 --jump $target
     /sbin/iptables --replace denylog 3 --jump $target
     /sbin/iptables --replace denylog 4 --jump $target
@@ -22,7 +22,7 @@ HERE
     /sbin/iptables --replace denylog 1 -p udp --dport 520 --jump $target
     /sbin/iptables --replace denylog 2 -p udp --dport 137:139 --jump $target
     /sbin/iptables --replace denylog 3 -p tcp --dport 137:139 --jump $target
-    /sbin/iptables --replace denylog 4 --jump ULOG --ulog-nlgroup 1 --ulog-prefix \"denylog:\"
+    /sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 0 --nflog-prefix \"denylog:\"
     /sbin/iptables --replace denylog 5 --jump $target
 HERE
     }

root/etc/e-smith/templates/etc/ulogd.conf/10global

@@ -1,7 +1,10 @@
 [global]
-nlgroup=1
+
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
 logfile=/var/log/ulogd/ulogd.log
-loglevel=5
+loglevel=1
 rmem=131071
 bufsize=150000
 

root/etc/e-smith/templates/etc/ulogd.conf/20plugins

@@ -9,11 +9,11 @@
 # 1. load the plugins _first_ from the global section
 # 2. options for each plugin in seperate section below
 
-#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
-plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
-#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
+plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
 #plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
-#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
 plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
 #plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
 #plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so"

root/etc/e-smith/templates/etc/ulogd.conf/30stacks

@@ -1,4 +1,12 @@
 
-#our base stack ULOG to LOGEMU
-stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+######################################################################
+# STACKS
+######################################################################
 
+# this is a stack for packet-based logging via LOGEMU
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# I think log2
+# this is a stack for ULOG packet-based logging via LOGEMU
+# reetp - non functioning
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

root/etc/e-smith/templates/etc/ulogd.conf/40configs

@@ -1,8 +1,18 @@
-[ulog1]
-# denylog:
-# netlink multicast group (the same as the iptables --ulog-nlgroup param)
-nlgroup=1
 
+######################################################################
+# OPTIONS FOR EACH PLUGINS IN SEPARATE SECTIONS
+######################################################################
+
+[log1]
+# netlink multicast group (the same as the iptables --nflog-group param)
+# Group 0 is used by the kernel to log connection tracking invalid message
+group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# set number of packet to queue inside kernel
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
 
 [emu1]
 file="/var/log/iptables/denylog.log"

root/etc/yum/post-actions/ulogd.action

@@ -1 +0,0 @@
-ulogd:any:/sbin/e-smith/expand-template /etc/logrotate.d/ulogd

root/usr/lib/systemd/system/ulogd.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Netfilter Userspace Logging Daemon
-Before=masq.service
-
-[Service]
-User=root
-Group=root
-Restart=always
-TimeoutSec=0
-Type=forking
-
-PIDFile=/run/ulog/ulogd.pid
-ExecStart=/usr/sbin/ulogd --daemon --uid ulog --pidfile /run/ulog/ulogd.pid
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=sme-server.target multi-user.target

root/usr/lib/tmpfiles.d/ulog.conf

@@ -1 +0,0 @@
-d /run/ulog 2755 ulog ulog

smeserver-packetfilter.spec

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - packetfilter add-on
 %define name smeserver-packetfilter
 Name: %{name}
 %define version 11.0.0
-%define release 4
+%define release 11
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -14,8 +14,7 @@ Source: %{name}-%{version}.tar.xz
 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
 BuildArchitectures: noarch
 Requires: smeserver-base >= 5.8.0-49
-Requires: ulogd >= 2
-Requires: daemontools
+Requires: ulogd >= 2.0.7-2
 Requires: iptables
 BuildRequires: smeserver-devtools
 Obsoletes: e-smith-ipmasq
@@ -27,8 +26,24 @@ Provides: e-smith-packetfilter
 smeserver server and gateway software - packetfilter add-on
 
 %changelog
+* Wed Jan 15 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
+- remove Requires: daemontools [SME: 12566]
+
+* Thu Apr 18 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
+- improve ULOG to NFLOG migration [SME: 12557]
+- update post-transaction-actions to use signal-event
+
+* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
+- move ulogd.service and tmpfile.d to service package [SME: 12538]
+
+* Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
+- move post-transaction-actions [SME: 12534]
+
+* Fri Apr 12 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-6.sme
+- Migrate from ULOG to NFLOG  [SME: 12557]
+
 * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme
-- Update createlinks to create smeserver-package-update event[SME: 12579]
+- Update createlinks to create smeserver-package-update event  [SME: 12579]
 
 * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-3.sme
 - Set license file to GPL2.0  [SME: 12577]
@@ -53,7 +68,7 @@ smeserver server and gateway software - packetfilter add-on
   Fri Apr 09 2007 --> Fri Apr 06 2007 or Mon Apr 09 2007 or Fri Apr 13 2007 or ....
 
 * Mon Nov 15 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-8.sme
-- restrict VPN networks to their interface [SME: 11640]
+- restrict VPN networks to their interface  [SME: 11640]
   remove remoteVPNSubnet property added VPNif property
 
 * Wed Apr 07 2021 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-7.sme
@@ -99,7 +114,7 @@ smeserver server and gateway software - packetfilter add-on
 * Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
 - Clean up spec so package can be built by koji/plague
 
-* Fri Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
+* Mon Apr 09 2007 Stephen Noble <support@dungog.net> 1.18.0-5
 - Fix masq error in server only mode (cannot open UDPPort) [SME: 2812] 
 
 * Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 1.18.0-4