Commit d0d37da6 authored by Kaarle Ritvanen

test: log: nflog

parent f5a07231
...@@ -2,12 +2,14 @@ ...@@ -2,12 +2,14 @@
"log": { "log": {
"dual": { "mode": "log", "mirror": "fc00::1" }, "dual": { "mode": "log", "mirror": "fc00::1" },
"mirror": { "mirror": [ "10.0.0.1", "10.0.0.2", "fc00::2" ] }, "mirror": { "mirror": [ "10.0.0.1", "10.0.0.2", "fc00::2" ] },
"nflog": { "mode": "nflog", "group": 1, "range": 128 },
"none": { "mode": "none" }, "none": { "mode": "none" },
"ulog": { "mode": "ulog", "limit": { "interval": 5 } } "ulog": { "mode": "ulog", "limit": { "interval": 5 } }
}, },
"packet-log": [ "packet-log": [
{ "out": "_fw" }, { "out": "_fw" },
{ "out": "_fw", "log": "mirror" }, { "out": "_fw", "log": "mirror" },
{ "out": "_fw", "log": "nflog" },
{ "out": "_fw", "log": "ulog" } { "out": "_fw", "log": "ulog" }
], ],
"filter": [ "filter": [
......
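Review bot: The new class `"nflog": { "mode": "nflog", "group": 1, "range": 128 }` is only exercised without a `limit`, so every expected dump on this page pins an unthrottled `-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128`. The neighbouring `ulog` class carries `"limit": { "interval": 5 }`, and the plain LOG rule is emitted with `--limit 1/second`. If `limit` is meant to apply in nflog mode as well (the generator is not visible here), a second fixture would cover that path, for example `"nflog-limit": { "mode": "nflog", "group": 2, "limit": { "interval": 5 } }` (constructed). It would also record the throttled form for a target that hands every matching INPUT packet to a userspace listener. The fixture also shows `range` rendered as `--nflog-size` rather than `--nflog-range`, which deserves a sentence in the log-class documentation.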
...@@ -8085,6 +8085,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} ...@@ -8085,6 +8085,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log) (log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"} Log none {"mode":"none"}
(log) (log)
...@@ -8141,7 +8144,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} ...@@ -8141,7 +8144,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2 inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"} Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log) (log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG inet/filter/INPUT -m limit --limit 12/minute -j ULOG
...@@ -10306,6 +10314,7 @@ hash:net family inet ...@@ -10306,6 +10314,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -13186,6 +13195,7 @@ COMMIT ...@@ -13186,6 +13195,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -1950,6 +1950,7 @@ ...@@ -1950,6 +1950,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
......
...@@ -571,6 +571,7 @@ ...@@ -571,6 +571,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -59513,6 +59513,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} ...@@ -59513,6 +59513,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log) (log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"} Log none {"mode":"none"}
(log) (log)
...@@ -59569,7 +59572,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} ...@@ -59569,7 +59572,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2 inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"} Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log) (log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG inet/filter/INPUT -m limit --limit 12/minute -j ULOG
...@@ -68693,6 +68701,7 @@ hash:net family inet ...@@ -68693,6 +68701,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -100475,6 +100484,7 @@ COMMIT ...@@ -100475,6 +100484,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
...@@ -8909,6 +8909,7 @@ ...@@ -8909,6 +8909,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -8882,6 +8882,7 @@ ...@@ -8882,6 +8882,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
...@@ -433,6 +433,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} ...@@ -433,6 +433,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log) (log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"} Log none {"mode":"none"}
(log) (log)
...@@ -489,7 +492,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} ...@@ -489,7 +492,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2 inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"} Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log) (log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG inet/filter/INPUT -m limit --limit 12/minute -j ULOG
...@@ -804,6 +812,7 @@ hash:net family inet ...@@ -804,6 +812,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -1022,6 +1031,7 @@ COMMIT ...@@ -1022,6 +1031,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -100,6 +100,7 @@ ...@@ -100,6 +100,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
......
...@@ -73,6 +73,7 @@ ...@@ -73,6 +73,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -429,6 +429,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} ...@@ -429,6 +429,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log) (log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"} Log none {"mode":"none"}
(log) (log)
...@@ -485,7 +488,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} ...@@ -485,7 +488,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2 inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"} Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log) (log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG inet/filter/INPUT -m limit --limit 12/minute -j ULOG
...@@ -796,6 +804,7 @@ hash:net family inet ...@@ -796,6 +804,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -1018,6 +1027,7 @@ COMMIT ...@@ -1018,6 +1027,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -96,6 +96,7 @@ ...@@ -96,6 +96,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
......
...@@ -63,6 +63,7 @@ ...@@ -63,6 +63,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} ...@@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log) (log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"} Log none {"mode":"none"}
(log) (log)
...@@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} ...@@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2 inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"} Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log) (log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG inet/filter/INPUT -m limit --limit 12/minute -j ULOG
...@@ -736,6 +744,7 @@ hash:net family inet ...@@ -736,6 +744,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -928,6 +937,7 @@ COMMIT ...@@ -928,6 +937,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -90,6 +90,7 @@ ...@@ -90,6 +90,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
......
...@@ -63,6 +63,7 @@ ...@@ -63,6 +63,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"} ...@@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]} Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log) (log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"} Log none {"mode":"none"}
(log) (log)
...@@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"} ...@@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2 inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2 inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"} Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log) (log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG inet/filter/INPUT -m limit --limit 12/minute -j ULOG
...@@ -730,6 +738,7 @@ hash:net family inet ...@@ -730,6 +738,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
...@@ -921,6 +930,7 @@ COMMIT ...@@ -921,6 +930,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
...@@ -90,6 +90,7 @@ ...@@ -90,6 +90,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing -A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG -A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2 -A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1 -A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
......
...@@ -63,6 +63,7 @@ ...@@ -63,6 +63,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing -A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2 -A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......