[Firehol-support] Ulog

Philippe Berini philippe at berini.org
Sun Nov 30 11:08:49 GMT 2003


* Costa Tsaousis <costa at tsaousis.gr> [Sun 30 Nov 03 00:27]:

Costa, thanks for your answer. I'll change its order in my own answer:

> How do you plan to use ULOG?
> Is it useful for normal traffic, rejected/dropped traffic or both?
> You want it on the server/client rules or in default dropped/rejected
> logging?

I run Debian on my personal machine at home, so I have no important
needs: it's just for the sake of having things working well ;-)

The use of ULOG, for me, is to avoid packet logs being written to syslog
and then appearing on the console.
I know that this topic has been dealt with in the doc and in the forum,
but the suggested solutions don't work in Debian (or at least I can't
get them to work). I know, however, that ULOG can be used in Debian,
since some months ago, before discovering FireHOL, I was using Shorewall
with ULOG, and it was working.
But I prefer FireHOL, and I'll stick to it anyway ;-)


> you are the first asking for ULOG. You can always use:

> server x ULOG    # (note the capitals)

> in your config. However you will not be able to use the custom --ulog*
> options.

Not sure I understand. I tried (with FireHOL explain):

# FireHOL [:] > server x ULOG

# \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
# Cmd Line : 1
# Command  : server x ULOG

--------------------------------------------------------------------------------
ERROR #: 1
WHAT   : Executing user input
WHY    : The command used requires that a primary command is set.
COMMAND: server x ULOG
SOURCE : line 1 of Interactive User Input


> Another temporary workaround is to use normal iptables statements within
> your FireHOL config to do whatever you like.

Then I tried the following:

# FireHOL [:] > iptables -t filter -A INPUT -p all -j ULOG --ulog-prefix=DefaultDrop

# \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
# Cmd Line : 1
# Command  : iptables -t filter -A INPUT -p all -j ULOG --ulog-prefix=DefaultDrop
/sbin/iptables -t filter -A INPUT -p all -j ULOG --ulog-prefix=DefaultDrop

# > OK <
# FireHOL [:] > quit

This is accepted, so I put it in my firehol.conf.
The problem is that I still have the LOG rules in iptables:


#iptables -vL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 DROP       all  --  any    any     anywhere             anywhere            state INVALID
    0     0 ULOG       all  --  any    any     anywhere             anywhere            ULOG copy_range 0 nlgroup 1 prefix `DefaultDrop' queu$
    0     0 in_home    all  --  eth0   any     localnet/24          anywhere
    0     0 in_internet  all  --  ppp+   any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED
    0     0 LOG        all  --  any    any     anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `IN$
    0     0 DROP       all  --  any    any     anywhere             anywhere


So FireHOL doesn't complain, but my logs still go to syslog, instead of
/var/log/ulogd.syslogemu, where they should go on my Debian.


> I'll do my best to include full ULOG support in firehol asap.

If I can't use the above workarounds, I'll wait for that.

Thanks,
-- 
Philippe Berini
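An added check, not part of this thread and not FireHOL's own code, that parses `iptables -vL` output and reports which LOG rules (kernel log, hence syslog and the console) are still present beside the ULOG rules (netlink to ulogd). The sample listing is constructed from the output quoted in the mail, with the truncated prefix replaced by a placeholder:

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `iptables -vL` output, modelled on the listing above.
# The LOG prefix is a placeholder; the real one was cut off in the mail.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 DROP       all  --  any    any     anywhere             anywhere            state INVALID
    0     0 ULOG       all  --  any    any     anywhere             anywhere            ULOG copy_range 0 nlgroup 1 prefix `DefaultDrop' queue_threshold 1
    0     0 in_home    all  --  eth0   any     localnet/24          anywhere
    0     0 in_internet  all  --  ppp+   any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED
    0     0 LOG        all  --  any    any     anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `IN-placeholder:'
    0     0 DROP       all  --  any    any     anywhere             anywhere
"""

@dataclass
class LogRule:
    chain: str
    position: int          # 1-based rule number within the chain
    target: str            # "LOG" (kernel log -> syslog) or "ULOG" (netlink -> ulogd)
    prefix: str
    nlgroup: Optional[int] # only meaningful for ULOG

def parse_log_rules(listing: str) -> List[LogRule]:
    """Return every LOG/ULOG rule in `iptables -vL` output, in chain order."""
    rules, chain, pos = [], None, 0
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain, pos = line.split()[1], 0
            continue
        fields = line.split(None, 9)  # 9 fixed columns + free-form match/target text
        if chain is None or len(fields) < 9 or fields[0] == "pkts":
            continue
        pos += 1
        target = fields[2]
        if target not in ("LOG", "ULOG"):
            continue
        extra = fields[9] if len(fields) > 9 else ""
        prefix = re.search(r"prefix `([^']*)'", extra)
        group = re.search(r"nlgroup (\d+)", extra)
        rules.append(LogRule(chain, pos, target,
                             prefix.group(1) if prefix else "",
                             int(group.group(1)) if group else None))
    return rules

def syslog_rules_remaining(listing: str):
    """(chain, position, prefix) of LOG rules: these still hit syslog/console."""
    return [(r.chain, r.position, r.prefix)
            for r in parse_log_rules(listing) if r.target == "LOG"]
```

Run against the constructed sample it reports the ULOG rule on nlgroup 1 and the remaining LOG rule at position 7 of INPUT, which is the one producing the syslog messages.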