When setting FIREHOL_LOG_PREFIX in the config file I still get several log lines in the iptables file that are missing the prefix.
The prefix is only applied to some of the log config lines.
Example from /etc/iptables/rules.v4:
```
[0:0] -A INPUT -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP INVALID INPUT:"
[0:0] -A INPUT -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP UNMATCHED IN-u"
[0:0] -A FORWARD -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"DROP INVALID FORWARD:\""
[0:0] -A FORWARD -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP UNMATCHED PASS"
[0:0] -A OUTPUT -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP INVALID OUTPUT"
[0:0] -A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP UNMATCHED OUT-"
[0:0] -A in_intern -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP INVALID in_int"
[0:0] -A in_intern -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP UNMATCHED IN-i"
[0:0] -A in_public4 -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"DROP INVALID in_public4:\""
[0:0] -A in_public4 -m limit --limit 1/sec -j LOG --log-prefix "\"reject UNMATCHED IN-public4:"
[0:0] -A out_intern -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP INVALID out_in"
[0:0] -A out_intern -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP UNMATCHED OUT-"
[0:0] -A out_public4 -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"DROP INVALID out_public4:\""
[0:0] -A out_public4 -m limit --limit 1/sec -j LOG --log-prefix "\"reject UNMATCHED OUT-public4"
```
This causes incoherent logging and makes it impossible to properly route the firehol logs into their own file with rsyslog.
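An added example, not part of the original issue or of FireHOL's code: a small audit that parses iptables-save output and lists every LOG rule whose `--log-prefix` lacks the tag a syslog filter would match on. The function names, the `firehol:` default and the sample text (constructed from rules quoted above) are assumptions; the 29-character figure is the iptables limit for `--log-prefix`.

```python
import re

# Constructed sample in iptables-save format, modelled on rules quoted in the issue.
SAMPLE_RULES = r'''
*filter
[0:0] -A INPUT -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"firehol: DROP INVALID INPUT:"
[0:0] -A FORWARD -m conntrack --ctstate INVALID -m limit --limit 1/sec -j LOG --log-prefix "\"DROP INVALID FORWARD:\""
[0:0] -A in_public4 -m limit --limit 1/sec -j LOG --log-prefix "\"reject UNMATCHED IN-public4:"
[0:0] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
'''

MAX_PREFIX_LEN = 29  # iptables accepts at most 29 characters in --log-prefix

# Matches "-A <chain> ... -j LOG ... --log-prefix <quoted-or-bare value>".
_LOG_RULE = re.compile(
    r'-A\s+(?P<chain>\S+)\s.*?-j\s+LOG\b.*?--log-prefix\s+'
    r'(?P<raw>"(?:[^"\\]|\\.)*"|\S+)'
)

def _unquote(raw):
    """Undo iptables-save quoting: drop outer quotes, resolve backslash escapes."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
    return re.sub(r'\\(.)', r'\1', raw)

def audit_log_prefixes(rules_text, expected="firehol:"):
    """Return one finding per LOG rule, in file order."""
    findings = []
    for line in rules_text.splitlines():
        m = _LOG_RULE.search(line)
        if not m:
            continue  # table headers, COMMIT, non-LOG rules
        prefix = _unquote(m.group("raw"))
        findings.append({
            "chain": m.group("chain"),
            "prefix": prefix,
            # Substring test mirrors a syslog "message contains" filter.
            "has_prefix": expected in prefix,
            # At the limit: the tail of the text may have been cut off.
            "at_limit": len(prefix) >= MAX_PREFIX_LEN,
        })
    return findings

if __name__ == "__main__":
    for f in audit_log_prefixes(SAMPLE_RULES):
        if not f["has_prefix"]:
            print(f'{f["chain"]}: untagged LOG prefix {f["prefix"]!r}')
```

To check a live ruleset, pass the contents of `/etc/iptables/rules.v4` as `rules_text`.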