* Wed Jan 15 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme

- remove Requires: daemontools [SME: 12566]

.gitignore

@@ -2,3 +2,4 @@
 *.log
 *spec-20*
 *.tar.xz
+*.bak

README.md

@@ -6,7 +6,14 @@ SMEServer Koozali developed git repo for smeserver-packetfilter smeserver
 <br />https://wiki.koozali.org/
 
 ## Bugzilla
-Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-packetfilter&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)\
+Show list of outstanding bugs:
+[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-packetfilter&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-packetfilter&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
 And a list of outstanding Legacy bugs: (e-smith-packetfilter) [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-packetfilter&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
 
 ## Description

contriborbase

@@ -1 +0,0 @@
-sme10

root/etc/dnf/plugins/post-transaction-actions.d/ulogd.action

@@ -0,0 +1 @@
+ulogd:any:/sbin/e-smith/signal-event smeserver-packetfilter-update

root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustDenyLog

@@ -9,7 +9,7 @@
     elsif ($logging eq "all")
     {
         $OUT .= <<"HERE";
-    /sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
+    /sbin/iptables --replace denylog 1 --jump NFLOG --nflog-group 0 --nflog-prefix \"denylog:\"
     /sbin/iptables --replace denylog 2 --jump $target
     /sbin/iptables --replace denylog 3 --jump $target
     /sbin/iptables --replace denylog 4 --jump $target
@@ -22,7 +22,7 @@ HERE
     /sbin/iptables --replace denylog 1 -p udp --dport 520 --jump $target
     /sbin/iptables --replace denylog 2 -p udp --dport 137:139 --jump $target
     /sbin/iptables --replace denylog 3 -p tcp --dport 137:139 --jump $target
-    /sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 1 --nflog-prefix \"denylog:\"
+    /sbin/iptables --replace denylog 4 --jump NFLOG --nflog-group 0 --nflog-prefix \"denylog:\"
     /sbin/iptables --replace denylog 5 --jump $target
 HERE
     }

root/etc/e-smith/templates/etc/ulogd.conf/10global

@@ -1,7 +1,8 @@
 [global]
-# Not necessarily required 
-nlgroup=1
 
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
 logfile=/var/log/ulogd/ulogd.log
 loglevel=1
 rmem=131071

root/etc/e-smith/templates/etc/ulogd.conf/30stacks

@@ -1,16 +1,12 @@
 
-# reetp which one of these do we need?
-# I think log2
-
-# this is a stack for logging packet send by system via LOGEMU
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+######################################################################
+# STACKS
+######################################################################
 
 # this is a stack for packet-based logging via LOGEMU
-stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
 
+# I think log2
 # this is a stack for ULOG packet-based logging via LOGEMU
 # reetp - non functioning
 #stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
-
-# this is a stack for packet-based logging via LOGEMU with filtering on MARK
-#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

root/etc/e-smith/templates/etc/ulogd.conf/40configs

@@ -1,7 +1,11 @@
-# Logging of system packet through NFLOG
+
+######################################################################
+# OPTIONS FOR EACH PLUGINS IN SEPARATE SECTIONS
+######################################################################
+
 [log1]
 # netlink multicast group (the same as the iptables --nflog-group param)
-# Group O is used by the kernel to log connection tracking invalid message
+# Group 0 is used by the kernel to log connection tracking invalid message
 group=0
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
@@ -10,66 +14,7 @@ group=0
 # set the delay before flushing packet in the queue inside kernel (in 10ms)
 #netlink_qtimeout=100
 
-# packet logging through NFLOG for group 1
-[log2]
-# netlink multicast group (the same as the iptables --nflog-group param)
-group=1 # Group has to be different from the one use in log1
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
-# group 0 is not used by any stack, you need to have at least one NFLOG
-# input plugin with bind set to 1. If you don't do that you may not
-# receive any message from the kernel.
-#bind=1
-
-# packet logging through NFLOG for group 2, numeric_label is
-# set to 1
-[log3]
-# netlink multicast group (the same as the iptables --nflog-group param)
-group=2 # Group has to be different from the one use in log1/log2
-numeric_label=1 # you can label the log info based on the packet verdict
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-#bind=1
-
-[ulog1]
-# netlink multicast group (the same as the iptables --ulog-nlgroup param)
-nlgroup=1
-#numeric_label=0 # optional argument
-
 [emu1]
-file="/var/log/ulogd/syslogemu.log"
+file="/var/log/iptables/denylog.log"
 sync=1
 
-[json1]
-sync=1
-#file="/var/log/ulogd.json"
-#timestamp=0
-# device name to be used in JSON message
-#device="My awesome Netfilter firewall"
-# If boolean_label is set to 1 then the numeric_label put on packet
-# by the input plugin is coding the action on packet: if 0, then
-# packet has been blocked and if non null it has been accepted.
-#boolean_label=1
-# Uncomment the following line to use JSON v1 event format that
-# can provide better compatility with some JSON file reader.
-#eventv1=1
-# Uncomment the following lines to send the JSON logs to a remote host via UDP
-#mode="udp"
-#host="192.0.2.10"
-#port="10210"
-# Uncomment the following lines to send the JSON logs to a remote host via TCP
-#mode="tcp"
-#host="192.0.2.10"
-#port="10210"
-# Uncomment the following lines to send the JSON logs to a local unix socket
-#mode="unix"
-#file="/var/run/ulogd.socket"
-
-[pcap1]
-#default file is /var/log/ulogd.pcap
-#file="/var/log/ulogd.pcap"
-sync=1
-
-[mark1]
-mark = 1

root/etc/yum/post-actions/ulogd.action

@@ -1 +0,0 @@
-ulogd:any:/sbin/e-smith/expand-template /etc/logrotate.d/ulogd

root/usr/lib/systemd/system/ulogd.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Netfilter Userspace Logging Daemon
-Before=masq.service
-
-[Service]
-User=root
-Group=root
-Restart=always
-TimeoutSec=0
-Type=forking
-
-PIDFile=/run/ulog/ulogd.pid
-ExecStart=/usr/sbin/ulogd --daemon --uid ulog --pidfile /run/ulog/ulogd.pid
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=sme-server.target multi-user.target

root/usr/lib/tmpfiles.d/ulog.conf

@@ -1 +0,0 @@
-d /run/ulog 2755 ulog ulog

smeserver-packetfilter.spec

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - packetfilter add-on
 %define name smeserver-packetfilter
 Name: %{name}
 %define version 11.0.0
-%define release 5
+%define release 11
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -14,8 +14,7 @@ Source: %{name}-%{version}.tar.xz
 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
 BuildArchitectures: noarch
 Requires: smeserver-base >= 5.8.0-49
-Requires: ulogd >= 2
-Requires: daemontools
+Requires: ulogd >= 2.0.7-2
 Requires: iptables
 BuildRequires: smeserver-devtools
 Obsoletes: e-smith-ipmasq
@@ -27,7 +26,20 @@ Provides: e-smith-packetfilter
 smeserver server and gateway software - packetfilter add-on
 
 %changelog
-* Fri Apr 12 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-5.sme
+* Wed Jan 15 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
+- remove Requires: daemontools [SME: 12566]
+
+* Thu Apr 18 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
+- improve ULOG to NFLOG migration [SME: 12557]
+- update post-transaction-actions to use signal-event
+
+* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
+- move ulogd.service and tmpfile.d to service package [SME: 12538]
+
+* Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
+- move post-transaction-actions [SME: 12534]
+
+* Fri Apr 12 2024 John Crisp <jcrisp@safeandsoundit.co.uk> 11.0.0-6.sme
 - Migrate from ULOG to NFLOG  [SME: 12557]
 
 * Thu Apr 04 2024 Brian Read <brianr@koozali.org> 11.0.0-4.sme