More update,....
I have put new iptables version (1.2.7a-7 from Debian), and no
change:
$ iptables -A INPUT -j ULOG -p tcp -m state --state NEW
iptables v1.2.7a: You must specify `--state'
Try `iptables -h' or 'iptables --help' for more information.
also it looks that ULOG is not working at all:
Chain INPUT (policy ACCEPT 128K packets, 77M bytes)
pkts bytes target prot opt in out source destination
5065 374K ACCEPT all -- * * xxx.xxx.xxx.xxx/19 xxx.xxx.xxx.xxx
0 0 ACCEPT all -- * * xxx.xxx.xxx.xxx/18 xxx.xxx.xxx.xxx
4022 338K ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `INPUT:DROP' queue_threshold 1
12630 1061K ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `INPUT:DROP' queue_threshold 50
12630 1061K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
kernel is matching packets but ulogd doesnt produce any output in log
files. I have tried to strace ulogd but it just waits in "recvfrom(6,",
and according to lsof descriptor 6 is:
ulogd 21070 root 6u sock 0,0 322745 can't identify protocol
Any help appreciated.
--
@
