Hi,
do you know a method to capture the packages before they are discarded?
I do see a couple of "interesting" packages that I would like to examine a bit further (e.g. with Wireshark).
The usual way would be using ulogd, but according to gh#268 https://github.com/firewalld/firewalld/issues/268, this is out of scope ATM.
When looking into the source, a general implementation seems pretty straightforward, with the most work being configuration/interfaces, but of course, this will raise questions of scattering logging into the ruleset everywhere <shrug>, proper testing, etc.
# LogTarget
# Define alternate logging target, eg. ULOG, NFLOG
# Default: LOG
LogTarget=LOG

# LogPrefixOption
# Log prefix option, eg. --nflog-prefix, --ulog-prefix
# Default: "--log-prefix"
LogPrefixOption="--log-prefix"

# LogTargetOptions
# Options for alternate logging target, eg. --nflog-group 32
# Default: ""
LogTargetOptions=
When making firewalld ulogd aware (ULOG, NFLOG), we could hardcode the LogPrefixOption, and simply call LogTargetOptions LogTargetGroup.
Opinions?
Cheers, Pete