[Security] SuSEfirewall1/2
Hi!

I wanted to port SuSEfirewall1/2 to Debian and Red Hat. The result is that netfilter works, but logging still goes to /dev/tty1-6. This is annoying if I want to do something directly on the server. If I log in remotely (ssh) there is no problem with these logs, and anyway most of the time I set things up remotely. Any hints as to what's wrong?

I looked in the script but did not find any options which tell iptables to log to the console. Is it maybe a patch from SuSE within iptables?

Why I did this: Debian and Red Hat offer more packages than SuSE, and SuSEfirewall is a nice tool for setting up a firewall. Other "nice" firewalls need modifications on the host system - SuSEfirewall normally does not! A modification to SuSEfirewall makes it run with e.g. fireparse for outputting the logs (I changed some of the logging texts). Modifications are easy to do (I modified one without DMZ rules and one with extra blocking options for the config file).

Philippe

Philippe Vogel wrote:
> I wanted to port SuSEfirewall1/2 to Debian and Red Hat. The result is that netfilter works, but logging still goes to /dev/tty1-6. This is annoying if I want to do something directly on the server. If I log in remotely (ssh) there is no problem with these logs, and anyway most of the time I set things up remotely. Any hints as to what's wrong?

Compare the /etc/syslog.conf files from the other distributions to SuSE's. Probably kern.* are "wall(1)"ed.

> I looked in the script but did not find any options which tell iptables to log to the console. Is it maybe a patch from SuSE within iptables?

I don't think so. iptables always logs as facility kernel, with a choosable level in the logging statement.

Peter

> Compare the /etc/syslog.conf files from the other distributions to SuSE's. Probably kern.* are "wall(1)"ed.

My Debian 3.0 box:

    /etc/syslog.conf
    <snip>
    kern.* /var/log/firewall
    <snip>

No extra Options for kern.* to tty are set.

    44-10:/var/log# syslogd -v
    syslogd 1.4.1

My Red Hat 7.3 Box:

    /etc/syslog.conf
    <snip>
    kern.warn;*.err;authpriv.none /dev/tty10
    kern.warn;*.err;authpriv.none |/dev/xconsole
    kern.* -/var/log/firewall
    <snip>

    [root@wt etc]# /sbin/syslogd -v
    syslogd 1.4.1

Both systems have latest packages for this distribution. Both use kernel 2.4.18.

> > I looked in the script but did not find any options which tell iptables to log to the console. Is it maybe a patch from SuSE within iptables?

> I don't think so. iptables always logs as facility kernel, with a choosable level in the logging statement.

This is part of the logging options line.

Philippe

participants (2)
- Peter Wiersig
- Philippe Vogel
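
The comparison of /etc/syslog.conf files suggested in the thread, as an added example (not code from either poster or from SuSEfirewall): it evaluates sysklogd-style selectors and lists the rules that would put a kernel-facility message on a terminal or "wall" it to all users. The function names are hypothetical, and the default level "warning" is an assumption to be replaced by the level used in the LOG rule.

```python
import re

# syslog priority names, most severe (0) to least severe (7)
LEVELS = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
          "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7}

def selector_matches(selectors, facility, level):
    """Evaluate a sysklogd selector field left to right for one message."""
    hit = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue
        if prio == "none":            # facility.none cancels earlier matches
            hit = False
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "*":
            ok = True
        elif prio in LEVELS:          # plain name means "this level or more severe"
            ok = (LEVELS[level] == LEVELS[prio]) if exact else (LEVELS[level] <= LEVELS[prio])
        else:
            continue                  # unknown priority name: ignore this selector
        if ok:
            hit = not negate
    return hit

def screen_rules(conf_text, facility="kern", level="warning"):
    """Return (selectors, action) pairs that put the message on a terminal."""
    found = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or line.lstrip().startswith("#"):
            continue
        selectors, action = parts[0], parts[1].strip()
        # "*" is the wall-to-everyone action; /dev/ttyN and /dev/console are terminals
        to_screen = action == "*" or re.fullmatch(r"/dev/(tty\d+|console)", action)
        if to_screen and selector_matches(selectors, facility, level):
            found.append((selectors, action))
    return found

# Excerpts as posted in the thread, plus one constructed "wall" rule.
DEBIAN = "kern.*\t/var/log/firewall\n"
REDHAT = ("kern.warn;*.err;authpriv.none\t/dev/tty10\n"
          "kern.warn;*.err;authpriv.none\t|/dev/xconsole\n"
          "kern.*\t-/var/log/firewall\n")
WALLED = "kern.*\t*\n"   # constructed sample, not from the thread

if __name__ == "__main__":
    for name, conf in (("debian", DEBIAN), ("redhat", REDHAT), ("walled", WALLED)):
        print(name, screen_rules(conf))
```

On the two excerpts posted in the thread it reports only the Red Hat /dev/tty10 rule; the Debian excerpt yields nothing.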