philippe at berini.org
Sun Nov 30 12:08:49 CET 2003
* Costa Tsaousis <costa at tsaousis.gr> [Sun 30 Nov 03 00:27]:
Costa, thanks for your answer. I'll change its order in my own answer:
> How do you plan to use ULOG?
> Is it useful for normal traffic, rejected/dropped traffic or both?
> You want it on the server/client rules or in default dropped/rejected
I run Debian on my personal machine at home, so I have no important
needs: it's just for the sake of having things working well ;-)
The use of ULOG, for me, is to avoid packet logs logged into syslog, and
then appearing on the console.
I know that this topic has been dealt with in the doc and in the forum,
but the suggested solutions don't work in Debian (or at least I can't
get them to work). I know, however, that ULOG can be used in
Debian, since some months ago, before discovering FireHOL, I was using
Shorewall with ULOG, and it was working.
But I prefer FireHOL, and I'll stick to it anyway ;-)
> You are the first asking for ULOG. You can always use:
> server x ULOG # (note the capitals)
> in your config. However you will not be able to use the custom --ulog*
Not sure I understand. I tried (with FireHOL explain):
# FireHOL [:] > server x ULOG
# Cmd Line : 1
# Command : server x ULOG
ERROR #: 1
WHAT : Executing user input
WHY : The command used requires that a primary command is set.
COMMAND: server x ULOG
SOURCE : line 1 of Interactive User Input
> Another temporary workaround is to use normal iptables statements within
> your FireHOL config to do whatever you like.
Then I tried the following:
# FireHOL [:] > iptables -t filter -A INPUT -p all -j ULOG
# Cmd Line : 1
# Command : iptables -t filter -A INPUT -p all -j ULOG
/sbin/iptables -t filter -A INPUT -p all -j ULOG
# > OK <
# FireHOL [:] > quit
This is accepted, so I put it in my firehol.conf.
The problem is that I still have the LOG rules in iptables:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 ULOG all -- any any anywhere anywhere ULOG copy_range 0 nlgroup 1 prefix `DefaultDrop' queu$
0 0 in_home all -- eth0 any localnet/24 anywhere
0 0 in_internet all -- ppp+ any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere state RELATED
0 0 LOG all -- any any anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `IN$
0 0 DROP all -- any any anywhere anywhere
So FireHOL doesn't complain, but my logs still go to syslog, instead of
/var/log/ulogd.syslogemu, where they should go in my Debian.
> I'll do my best to include full ULOG support in firehol asap.
If I can't use the above workarounds, I'll wait until then.
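
Added example, not part of the original post and not FireHOL code: ULOG and LOG are both non-terminating targets, so an extra ULOG rule does not replace the LOG rules already in a chain, and a packet that reaches both is logged twice. The helper names and the sample listing below are constructed for illustration; the script lists which rules in `iptables -L -v` style output still use LOG (kernel log, syslog, console) rather than ULOG (netlink, ulogd).

```shell
#!/bin/sh
# Constructed sample, modelled on the INPUT chain listing in the post.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source     destination
    0     0 ACCEPT     all  --  lo     any     anywhere   anywhere
    0     0 ULOG       all  --  any    any     anywhere   anywhere   ULOG copy_range 0 nlgroup 1
    0     0 LOG        all  --  any    any     anywhere   anywhere   limit: avg 1/sec burst 5 LOG level warning
    0     0 DROP       all  --  any    any     anywhere   anywhere

Chain in_home (1 references)
 pkts bytes target     prot opt in     out     source     destination
    0     0 LOG        all  --  any    any     anywhere   anywhere   LOG level warning
EOF
}

# Reads a listing on stdin and prints "<chain> <rule-number> <target>" for
# every LOG or ULOG rule. Rule numbers count from 1 within each chain.
log_targets() {
    awk '
        $1 == "Chain"           { chain = $2; n = 0; next }   # chain header
        $1 == "pkts" || NF == 0 { next }                      # column header, blank line
        { n++; if ($3 == "LOG" || $3 == "ULOG") print chain, n, $3 }
    '
}

# Exit status 0 only when no rule with the LOG target remains in the listing.
only_ulog() {
    ! log_targets | grep -q ' LOG$'
}

sample_listing | log_targets
# On a live system (run as root):
#   iptables -L -v | log_targets
```

The rule numbers printed are the positions within each chain as listed, which makes it easy to see which chains still send packets to the kernel log.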