From: Florian Westphal <fw@strlen.de>
To: Jason Vas Dias <jason.vas.dias@ptt.ie>,
Jason Vas Dias <jason.vas.dias@gmail.com>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org
Subject: Re: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
Date: Sun, 25 Jun 2023 20:35:11 +0200 [thread overview]
Message-ID: <20230625183511.GC3207@breakpoint.cc> (raw)
In-Reply-To: <hhr0pz60h5.fsf@jvdspc.jvds.net>
Jason Vas Dias <jason.vas.dias@ptt.ie> wrote:
> RE: you wrote:
> > Run "xtables-monitor --trace".
>
> Thanks for the info about xtables-monitor - yes, that does give alot
> of extra information about rule chain processing.
>
> But I'd just like to understand :
> Why does this work under kernel v6.2.16 and not under v4.18.0-477 ?
> :
> # iptables -t raw -A PREROUTING -p icmp -j TRACE
> # iptables -t raw -A OUTPUT -p icmp -j TRACE
> # modprobe nf_log_ipv4
> # echo nf_log_ipv4 > /proc/sys/net/netfilter/nf_log/2
>
> How can I enable the 'nf_log_syslog' module, so that it does
> in fact emit TRACE kernel messages to syslog, as it purports
> to be able to do, under v4.18.0-477 ?
You need to install iptables-legacy, not shipped in RHEL8.
prev parent reply other threads:[~2023-06-25 18:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-25 13:25 Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+? Jason Vas Dias
2023-06-25 13:40 ` Florian Westphal
2023-06-25 15:11 ` Jason Vas Dias
2023-06-25 18:35 ` Florian Westphal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230625183511.GC3207@breakpoint.cc \
--to=fw@strlen.de \
--cc=jason.vas.dias@gmail.com \
--cc=jason.vas.dias@ptt.ie \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.