I apologize if this is a duplicate posting, but it did not get this message bounced back by the list, nor did it show up in the archive. I am able to capture packets via QUEUE, but not ULOG. I've have these two rules: Chain OUTPUT (policy ACCEPT) target prot opt source destination ULOG 0 -- anywhere 10.0.0.2 ULOG copy_range 0 nlgroup 1 queue_threshold 1 QUEUE 0 -- anywhere 10.0.0.1 And I'm running libnetfilter_queue/utils/nfqnl_test and libnetfilter_log/utils/nfulnl_test When I ping 10.0.0.1 I get pkt received hw_protocol=0x0000 hook=3 id=4 outdev=3 payload_len=84 entering callback pkt received hw_protocol=0x0000 hook=3 id=5 outdev=3 payload_len=84 from the nfqnl_tst process. When I ping 10.0.0.2 I get nothing from the nfulnl_test process. When I run 'nfulnl_test' I get this output unbinding existing nf_log handler for AF_INET (if any) binding nfnetlink_log to AF_INET binding this socket to group 0 binding this socket to group 100 setting copy_packet mode registering callback for group 0 going into main loop The 100, and zeros worry me a little, since the iptables end talks about groups but limits them to the range 1-32. What have I failed to understand about ULOG? Thank you, -- Brian Litzinger
