[Firehol-support] Testing and emulation with network namespaces
phil at sanewall.org
Thu Apr 2 07:56:39 BST 2015
OK, I think logging can be considered part solved.
On Wed, Apr 01, 2015 at 10:54:10PM +0100, Phil Whineray wrote:
> > 4. Last time I checked, namespaces had an issue with logging,
> > especially kernel logging. I was unable to monitor the iptables logs
> > of the namespaces. Have you found any solution?
> I guess this is due to the logs being passed over some form of network
> link but I tried simply starting a ulogd in the appropriate namespace
> and that did not work either.
Actually, starting a ulogd in the namespace does work; I was trying to
use NFLOG with ulogd1 which does not. When I disabled IPv6 and used
ULOG I got iptables output for the appropriate namespace.
This needs verifying with ulogd2 to check that it works for NFLOG also.
In addition I just did this:
    sudo ip netns exec fw /etc/init.d/ulogd restart
So I need to check if we can start multiple ulogd instances and write
to separate log files.