Commit d47507f3 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: log: nflog

parent eb1673e9
......@@ -2,12 +2,14 @@
"log": {
"dual": { "mode": "log", "mirror": "fc00::1" },
"mirror": { "mirror": [ "10.0.0.1", "10.0.0.2", "fc00::2" ] },
"nflog": { "mode": "nflog", "group": 1, "range": 128 },
"none": { "mode": "none" },
"ulog": { "mode": "ulog", "limit": { "interval": 5 } }
},
"packet-log": [
{ "out": "_fw" },
{ "out": "_fw", "log": "mirror" },
{ "out": "_fw", "log": "nflog" },
{ "out": "_fw", "log": "ulog" }
],
"filter": [
......
......@@ -8085,6 +8085,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"}
(log)
......@@ -8141,7 +8144,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"}
Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
......@@ -10306,6 +10314,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -13186,6 +13195,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -1950,6 +1950,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......
......@@ -571,6 +571,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -59513,6 +59513,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"}
(log)
......@@ -59569,7 +59572,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"}
Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
......@@ -68693,6 +68701,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -100475,6 +100484,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
......@@ -8909,6 +8909,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -8882,6 +8882,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set
......@@ -433,6 +433,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"}
(log)
......@@ -489,7 +492,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"}
Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
......@@ -804,6 +812,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -1022,6 +1031,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -100,6 +100,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......
......@@ -73,6 +73,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -429,6 +429,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"}
(log)
......@@ -485,7 +488,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"}
Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
......@@ -796,6 +804,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -1018,6 +1027,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -96,6 +96,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......
......@@ -63,6 +63,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"}
(log)
......@@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"}
Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
......@@ -736,6 +744,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -928,6 +937,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -90,6 +90,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......
......@@ -63,6 +63,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -363,6 +363,9 @@ Log dual {"mirror":"fc00::1","mode":"log"}
Log mirror {"mirror":["10.0.0.1","10.0.0.2","fc00::2"]}
(log)
Log nflog {"group":1,"mode":"nflog","range":128}
(log)
Log none {"mode":"none"}
(log)
......@@ -419,7 +422,12 @@ Packet-log 2 {"log":"mirror","out":"_fw"}
inet/filter/INPUT -j TEE --gateway 10.0.0.2
inet6/filter/INPUT -j TEE --gateway fc00::2
Packet-log 3 {"log":"ulog","out":"_fw"}
Packet-log 3 {"log":"nflog","out":"_fw"}
(log)
inet/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
inet6/filter/INPUT -j NFLOG --nflog-group 1 --nflog-size 128
Packet-log 4 {"log":"ulog","out":"_fw"}
(log)
inet/filter/INPUT -m limit --limit 12/minute -j ULOG
......@@ -730,6 +738,7 @@ hash:net family inet
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......@@ -921,6 +930,7 @@ COMMIT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
......@@ -90,6 +90,7 @@
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmp -j icmp-routing
-A INPUT -m limit --limit 12/minute -j ULOG
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway 10.0.0.2
-A INPUT -j TEE --gateway 10.0.0.1
-A INPUT -m limit --limit 1/second -j LOG
......
......@@ -63,6 +63,7 @@
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment