From 78b65ea7e39c89573b7bf60c5d55b925363de832 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 29 Jun 2020 14:53:17 +0000
Subject: [PATCH] firewall: Configure TRACE target to log to syslog

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 src/initscripts/system/firewall | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index b0890c7173..ab3a0bbf9c 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@ iptables_init() {
 	iptables -P FORWARD DROP
 	iptables -P OUTPUT ACCEPT
 
+	# Enable TRACE logging to syslog
+	modprobe nf_log_ipv4
+	sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
 	# Empty LOG_DROP and LOG_REJECT chains
 	iptables -N LOG_DROP
 	iptables -A LOG_DROP   -m limit --limit 10/second -j LOG
-- 
2.39.2