[Firehol-support] Testing and emulation with network namespaces

Phil Whineray phil at sanewall.org
Thu Apr 2 08:56:39 CEST 2015


OK, I think logging can be considered in part solved.

On Wed, Apr 01, 2015 at 10:54:10PM +0100, Phil Whineray wrote:
> > 4. Last time I checked, namespaces had an issue with logging,
> > especially kernel logging. I was unable to monitor the iptables logs
> > of the namespaces. Have you found any solution?

> I guess this is due to the logs being passed over some form of network
> link but I tried simply starting a ulogd in the appropriate namespace
> and that did not work either.

Actually, starting a ulogd in the namespace does work; I was trying to
use NFLOG with ulogd1 which does not. When I disabled IPv6 and used
ULOG I got iptables output for the appropriate namespace.

This needs verifying with ulogd2 to check that it works for NFLOG also.

In addition I just did this:
  sudo ip netns exec fw /etc/init.d/ulogd restart

So I need to check if we can start multiple ulogd instances and write
to separate log files.

Cheers
Phil
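
The per-namespace set-up the mail talks about (one ulogd per namespace, each writing its own log file), as an added example that is not part of the thread and not FireHOL or ulogd project code. It assumes ulogd2 with the NFLOG input and LOGEMU output plugins installed under ULOGD_PLUGIN_DIR (the Debian path is assumed below), and it writes configs and logs under LOG_DIR; both are illustrative defaults. Only the config- and command-building functions run unprivileged; set_up_namespace_logging creates the namespace, a veth pair and the iptables rule and needs root. Whether ulogd2's NFLOG input actually receives packets inside a namespace is exactly what the mail says still needs verifying, so the script does not settle that question, it just gives one instance per namespace a separate config, group and log file so the result can be checked.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: run one ulogd2 instance
# per network namespace, each with its own NFLOG group and log files.
# Assumptions (not stated in the mail): ulogd2 with NFLOG + LOGEMU plugins,
# plugin directory ULOGD_PLUGIN_DIR, log/config directory LOG_DIR.

ULOGD_PLUGIN_DIR="${ULOGD_PLUGIN_DIR:-/usr/lib/x86_64-linux-gnu/ulogd}"
LOG_DIR="${LOG_DIR:-/var/log/ulogd-ns}"

# Print a ulogd2 config for namespace $1 that reads NFLOG group $2 and
# writes syslog-style packet lines to a file named after the namespace,
# so two instances never share a log file or a daemon log.
ulogd_conf_for() {
    ns="$1"; group="$2"
    cat <<EOF
[global]
logfile="$LOG_DIR/$ns.ulogd.log"
plugin="$ULOGD_PLUGIN_DIR/ulogd_inppkt_NFLOG.so"
plugin="$ULOGD_PLUGIN_DIR/ulogd_raw2packet_BASE.so"
plugin="$ULOGD_PLUGIN_DIR/ulogd_filter_IFINDEX.so"
plugin="$ULOGD_PLUGIN_DIR/ulogd_filter_IP2STR.so"
plugin="$ULOGD_PLUGIN_DIR/ulogd_filter_PRINTPKT.so"
plugin="$ULOGD_PLUGIN_DIR/ulogd_output_LOGEMU.so"
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=$group

[emu1]
file="$LOG_DIR/$ns.packets.log"
sync=1
EOF
}

# iptables rule, to be run inside the namespace, that copies every packet
# entering INPUT to NFLOG group $1 with a prefix naming namespace $2.
nflog_rule_for() {
    echo "iptables -A INPUT -j NFLOG --nflog-group $1 --nflog-prefix 'ns-$2:'"
}

# Command line that starts a daemonised ulogd inside namespace $1 using the
# config file $2; ip netns exec places the daemon in that namespace's
# network stack, which is where its NFLOG socket is opened.
ulogd_cmd_for() {
    echo "ip netns exec $1 ulogd -d -c $2"
}

# Root only: create namespace $1, give it a veth link to the host, add the
# NFLOG rule and start a dedicated ulogd for it with NFLOG group $2.
set_up_namespace_logging() {
    ns="$1"; group="$2"
    mkdir -p "$LOG_DIR"
    conf="$LOG_DIR/$ns.ulogd.conf"
    ulogd_conf_for "$ns" "$group" > "$conf"

    ip netns add "$ns"
    ip link add "veth-$ns" type veth peer name "eth-$ns"
    ip link set "eth-$ns" netns "$ns"
    ip netns exec "$ns" ip link set lo up
    ip netns exec "$ns" ip link set "eth-$ns" up
    ip link set "veth-$ns" up

    ip netns exec "$ns" sh -c "$(nflog_rule_for "$group" "$ns")"
    eval "$(ulogd_cmd_for "$ns" "$conf")"
    echo "ulogd for $ns started; packet log: $LOG_DIR/$ns.packets.log"
}

# Only touch the system when asked explicitly, e.g.:
#   sudo ./ns-ulogd.sh --run fw 1
#   sudo ./ns-ulogd.sh --run lan 2
if [ "${1:-}" = "--run" ]; then
    set_up_namespace_logging "$2" "$3"
fi
```

Each namespace gets its own config file, NFLOG group and pair of output files, so after sending traffic into the namespace (for example ping from the host across the veth pair) the packet lines for that namespace should appear only in its own packets.log; if nothing arrives there while `ip netns exec fw iptables -L -v` shows the NFLOG rule counting packets, that narrows the problem to ulogd2's NFLOG input rather than the rule.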

