firewall: Configure TRACE target to log to syslog

author Michael Tremer <michael.tremer@ipfire.org>

Mon, 29 Jun 2020 14:53:17 +0000 (14:53 +0000)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Wed, 1 Jul 2020 12:12:59 +0000 (12:12 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Mon, 29 Jun 2020 14:53:17 +0000 (14:53 +0000)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Wed, 1 Jul 2020 12:12:59 +0000 (12:12 +0000)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall

index b0890c71731b8c90747227b6cacc540c5485289e..ab3a0bbf9c9a6151b89686c2308dac5b8be11944 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@ iptables_init() {
         iptables -P FORWARD DROP
         iptables -P OUTPUT ACCEPT
  
+       # Enable TRACE logging to syslog
+       modprobe nf_log_ipv4
+       sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
         # Empty LOG_DROP and LOG_REJECT chains
         iptables -N LOG_DROP
         iptables -A LOG_DROP   -m limit --limit 10/second -j LOG
author	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 29 Jun 2020 14:53:17 +0000 (14:53 +0000)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Wed, 1 Jul 2020 12:12:59 +0000 (12:12 +0000)