<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=977#c21">Comment # 21</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=977">bug 977</a>
from <span class="vcard"><a class="email" href="mailto:eric@regit.org" title="Eric Leblond <eric@regit.org>"> <span class="fn">Eric Leblond</span></a>
</span></b>
<pre>Hello,
(In reply to Netbug from <a href="show_bug.cgi?id=977#c20">comment #20</a>)
<span class="quote">> Hi Eric,
>
> The new log; iptables-save_nflog_2 and the output I pasted for,
>
> cat /proc/net/netfilter/nf_log;
>
> All this is good now?</span >
All I see in the iptables rules regarding NFLOG is:
-A INPUT -j NFLOG --nflog-prefix "Shorewall:INPUT:REJECT:"
-A FORWARD -j NFLOG --nflog-prefix "Shorewall:FORWARD:REJECT:"
-A OUTPUT -j NFLOG --nflog-prefix "Shorewall:OUTPUT:REJECT:"
-A logflags -j NFLOG --nflog-prefix "Shorewall:logflags:DROP:"
-A net-fw -j NFLOG --nflog-prefix "Shorewall:net-fw:DROP:"
-A net-vpn -j NFLOG --nflog-prefix "Shorewall:net-vpn:DROP:"
-A smurflog -j NFLOG --nflog-prefix "Shorewall:smurfs:DROP:"
-A vpn-net -j NFLOG --nflog-prefix "Shorewall:vpn-net:REJECT:"
So there is --nflog-group specified which means that the default group 0 is
used.
Thus if you do not have another conf where --nflog-group 1 is used then no packet
will ever come to log2, which listens to that event.
Is that the case?</pre>
</div>
</p>
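<p>The check described in the comment above, as an added example that is not part of the original comment or of ulogd's code: it reads iptables-save output, works out which netlink group each NFLOG rule sends to (group 0 when no --nflog-group is given), and reports listeners bound to a group that no rule feeds. The listener name log1 and the helper names are assumptions; the sample rules are taken from the comment and the listener map is constructed.</p>

```python
import shlex
from collections import defaultdict

DEFAULT_NFLOG_GROUP = 0  # group used when a rule carries no --nflog-group

# Sample input: NFLOG rules quoted in the comment, in iptables-save form.
SAMPLE_RULES = '''*filter
:INPUT DROP [0:0]
-A INPUT -j NFLOG --nflog-prefix "Shorewall:INPUT:REJECT:"
-A FORWARD -j NFLOG --nflog-prefix "Shorewall:FORWARD:REJECT:"
-A OUTPUT -j NFLOG --nflog-prefix "Shorewall:OUTPUT:REJECT:"
-A logflags -j NFLOG --nflog-prefix "Shorewall:logflags:DROP:"
-A net-fw -j NFLOG --nflog-prefix "Shorewall:net-fw:DROP:"
COMMIT
'''

# Constructed listener map (assumption): input plugin name -> bound group.
SAMPLE_LISTENERS = {"log1": 0, "log2": 1}


def nflog_groups(ruleset):
    """Return {group: [chains]} for every NFLOG rule in iptables-save text."""
    groups = defaultdict(list)
    for line in ruleset.splitlines():
        try:
            tokens = shlex.split(line)  # keeps a quoted prefix as one token
        except ValueError:
            continue  # unbalanced quotes in a comment line, not a rule
        pairs = list(zip(tokens, tokens[1:]))
        if tokens[:1] != ["-A"] or ("-j", "NFLOG") not in pairs:
            continue
        group = DEFAULT_NFLOG_GROUP
        for flag, value in pairs:
            if flag == "--nflog-group":
                group = int(value)
        groups[group].append(tokens[1])  # tokens[1] is the chain name
    return dict(groups)


def starved_listeners(ruleset, listeners):
    """Names of listeners whose group is never targeted by any NFLOG rule."""
    used = nflog_groups(ruleset)
    return sorted(name for name, grp in listeners.items() if grp not in used)


if __name__ == "__main__":
    print("groups in use:", nflog_groups(SAMPLE_RULES))
    print("listeners with no traffic:",
          starved_listeners(SAMPLE_RULES, SAMPLE_LISTENERS))
```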
</body>
</html>