Andrew Suffield wrote:
> On Thu, Jan 10, 2008 at 01:20:39PM -0700, Orion Poplawski wrote:
>> Andrew Suffield wrote:
>>> On Thu, Jan 10, 2008 at 12:39:43PM -0700, Orion Poplawski wrote:
>>>> I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate 
>>>> NetFlow information about traffic going through my router.  The question 
>>>> is how to get the logging rules added to the appropriate chains (I'm 
>>>> assuming eth2_in and eth2_out in my case)?  I'm using the perl version 
>>>> of shorewall 4.0.6.
>>> http://www.shorewall.net/shorewall_logging.html#ULOG
>>>
>> Yes, but short of appending ":ULOG" to all of my rules, I don't see how 
>> I can log every packet going in and out of the ISP interface to ULOG. 
>> By default shorewall is configured to log rejected and dropped traffic, 
>> not accepted traffic.
>>
>> I guess I could do:
>>
>> loc             net             ACCEPT       ULOG
>>
>> in my policy file for outgoing traffic.  But what about incoming?
> 
>        ACTION - {ACCEPT[+|!]|NONAT|DROP[!]|REJECT[!]|DNAT[-]|SAME[-]|
>        REDIRECT[-]|CONTINUE[!]|LOG|QUEUE[!]|NFQUEUE[/queuenumber]|COMMENT|
>        action|macro[/target]}[:{log-level|none}[!][:tag]]
>               Specifies the action to  be  taken  if  the  connection  request
>               matches the rule. Must be one of the following.
> 
>               ACCEPT Allow the connection request.
> 
>               ACCEPT+
>                      like  ACCEPT  but  also  excludes the connection from any
>                      subsequent matching DNAT[-] or REDIRECT[-] rules
> 
> [...]
> 
>               LOG    Simply log the packet and continue with the next rule.

And be sure to put the appropriate log rules in all three sections of the
rules file.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
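
Added example, not part of the original thread: a rules-file fragment showing the LOG action with the ULOG log level repeated in all three sections, as the reply above advises. The zone names loc and net are taken from the policy line quoted earlier in the thread; the choice to log only loc<->net traffic is an assumption.

```text
# /etc/shorewall/rules (constructed example)
# Zones loc and net come from the policy line quoted in the thread.
# LOG does not terminate: after logging, the packet continues to the
# next rule (or falls through to the policy), so verdicts are unchanged.

#ACTION      SOURCE    DEST

SECTION ESTABLISHED
# Packets belonging to connections already in the ESTABLISHED state
LOG:ULOG     loc       net
LOG:ULOG     net       loc

SECTION RELATED
# Packets in the RELATED state (e.g. ICMP errors, helper-tracked flows)
LOG:ULOG     loc       net
LOG:ULOG     net       loc

SECTION NEW
# Packets that start new connections; place these before the ACCEPT,
# DROP and REJECT rules so the packet is logged before a verdict is reached
LOG:ULOG     loc       net
LOG:ULOG     net       loc
```

Shorewall requires the ESTABLISHED and RELATED sections to be empty when FASTACCEPT=Yes is set in shorewall.conf, so this layout needs FASTACCEPT=No. Traffic to or from the firewall itself is not matched by these loc/net rules.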
