Hi,
do you know a method to capture the packages before they are discarded?
I do see a couple of "interesting" packages, that I would like to examine a
bit further (e.g. with wireshark).
The usual way would be using ulogd, but according to gh#268
https://github.com/firewalld/firewalld/issues/268, this is out of scope ATM.
When looking into the source, a general implementation seems pretty
straightforward, with the most work being configuration/interfaces, but of course,
this will raise questions of scatter logging into the ruleset everywhere
<shrug>, proper testing, etc.

# LogTarget
# Define alternate logging target, eg. ULOG, NFLOG
# Default: LOG
LogTarget=LOG

# LogPrefixOption
# Log prefix option, eg. --nflog-prefix, --ulog-prefix
# Default: "--log-prefix"
LogPrefixOption="--log-prefix"

# LogTargetOptions
# Options for alternate logging target, eg. --nflog-group 32
# Default: ""
LogTargetOptions=

When making firewalld ulogd aware (ULOG, NFLOG), we could hardcode the
LogPrefixOption, and simply call LogTargetOptions LogTargetGroup.
Opinions?
Cheers,
Pete
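
Added example, not part of the original message and not firewalld code: a sketch of how the three proposed settings could be turned into the argument vector of an iptables log rule. The helper names (parse_conf, log_rule_args) and the sample prefix are assumptions; the prefix length limits are those given in iptables-extensions(8).

```python
import shlex

# Default prefix option and maximum prefix length per target, as documented in
# iptables-extensions(8).
TARGETS = {
    "LOG": ("--log-prefix", 29),
    "ULOG": ("--ulog-prefix", 32),
    "NFLOG": ("--nflog-prefix", 64),
}


def parse_conf(text):
    """Parse KEY=VALUE lines in the style of the proposal; '#' lines are comments."""
    conf = {"LogTarget": "LOG", "LogPrefixOption": "", "LogTargetOptions": ""}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() in conf:
            conf[key.strip()] = value.strip().strip('"')
    return conf


def log_rule_args(conf, prefix):
    """Return the '-j ...' argument vector for a log rule (hypothetical helper)."""
    target = conf["LogTarget"] or "LOG"
    if target not in TARGETS:
        raise ValueError(f"unsupported LogTarget: {target!r}")
    default_opt, max_len = TARGETS[target]
    prefix_opt = conf["LogPrefixOption"] or default_opt
    if prefix_opt != default_opt:
        raise ValueError(f"{prefix_opt} does not belong to target {target}")
    if len(prefix) > max_len:
        raise ValueError(f"prefix longer than {max_len} characters for {target}")
    # Split extra options into separate argv entries; nothing passes through a shell.
    extra = shlex.split(conf["LogTargetOptions"])
    return ["-j", target, *extra, prefix_opt, prefix]


# Constructed sample configuration using the option names proposed above.
SAMPLE = '''
LogTarget=NFLOG
LogPrefixOption="--nflog-prefix"
LogTargetOptions=--nflog-group 32
'''

if __name__ == "__main__":
    print(log_rule_args(parse_conf(SAMPLE), "FINAL_REJECT: "))
```

With a rule like this in place, the packets sent to NFLOG group 32 can be written to a pcap file by ulogd or read directly from the `nflog:32` capture interface with tcpdump or dumpcap, and then opened in wireshark.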