Subject: Re: /proc/net/netfilter/nf_log boot setup / persistence
Hello,

On Sun, 2014-04-06 at 18:24 +0200, oatech wrote:
> Hi
> I managed to change the /proc/net/netfilter/nf_log flags using echo >
> /process/sys/netfilter/nf_log/ ...
> ( For IPv6 nflogging )
> But it gets deleted at reboot.
> Worse, using a boot-time script fails ( the flags get overwritten )
> Using /etc/sysctl.conf doesn't seem to work.

I fear your firewall script is running after sysctl.conf settings are
installed. Usually the firewall script is triggering the loading of
logging modules.

> I end up using a 1-minute cron job that rewrites the flags each minute.
> Is there a better way ? Or a sysctl.conf kind config file ?

The most handy way can be to load the Netfilter modules at start. For
example by putting them in /etc/modules (at least for Debian). Then when
sysctl settings are evaluated you should get a working config.

> Thanks :-)

You're welcome (if my suggestion works) ;)

BR,
--
Eric . <eric@.>

Hi
Thanks for the answer
I'm not a Linux sysadmin ( I'm a network admin mostly, just using Linux
networking daemons for learning ) so I tried
your suggestion but got confused.
I'm using Ubuntu Trusty Beta ( almost Debian so ).
I did find /etc/modules and tried to play with it, but just managed
to break the whole nflog thing : cat .../netfilter/nflog went totally
empty.
Did reinstall thus ..
Could someone please help me specify what would need to be :
1) in /etc/modules
2) in the firewall start script ( just the main lines ... some modprobes
maybe ?
....)
Thanks
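
An added example, not part of the thread and not Netfilter project code: a shell check for the boot-order problem discussed above, reporting every logger that sysctl.conf binds through `net.netfilter.nf_log.<family>` but that /etc/modules does not preload. It assumes the logger name written to nf_log is also the module name (as with `nfnetlink_log`) and that entries use the dotted sysctl key form; the sample files are constructed.

```shell
#!/bin/sh
# Added example: find nf_log loggers configured in sysctl.conf that are not
# preloaded from /etc/modules, so the logger exists when sysctl.conf is applied.
# Assumption: the logger name written to nf_log equals its kernel module name.

# check_nf_log_boot SYSCTL_FILE MODULES_FILE
# Prints the missing loggers (space separated); returns 1 if any is missing.
check_nf_log_boot() {
    sysctl_file=$1
    modules_file=$2
    missing=""
    # Pull the logger out of lines such as "net.netfilter.nf_log.10 = nfnetlink_log".
    loggers=$(sed -n 's/^[[:space:]]*net\.netfilter\.nf_log\.[0-9][0-9]*[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*/\1/p' "$sysctl_file" | sort -u)
    for logger in $loggers; do
        # "NONE" unbinds the family and needs no module.
        [ "$logger" = "NONE" ] && continue
        # /etc/modules holds one module name per line; "#" starts a comment.
        if ! awk -v m="$logger" '$1 == m { found = 1 } END { exit !found }' "$modules_file"; then
            missing="${missing:+$missing }$logger"
        fi
    done
    [ -n "$missing" ] && echo "$missing"
    [ -z "$missing" ]
}

# Constructed sample files (not taken from the thread).
tmp=$(mktemp -d)
printf '%s\n' '# family 10 = IPv6, logged through NFLOG' \
    'net.netfilter.nf_log.10 = nfnetlink_log' > "$tmp/sysctl.conf"
printf '%s\n' '# /etc/modules: modules to load at boot' 'loop' > "$tmp/modules"

# Before: the logger module is not preloaded.
check_nf_log_boot "$tmp/sysctl.conf" "$tmp/modules" || echo "  ^ add to /etc/modules"

# After: listing the module in /etc/modules satisfies the check.
echo 'nfnetlink_log' >> "$tmp/modules"
check_nf_log_boot "$tmp/sysctl.conf" "$tmp/modules" && echo "all loggers preloaded"
rm -rf "$tmp"
```

Run against the real files as `check_nf_log_boot /etc/sysctl.conf /etc/modules`; after a reboot, `cat /proc/net/netfilter/nf_log` shows whether the binding held.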