
Comments (5)

abelbeck commented on July 16, 2024

Look at these variables in firewall.conf:

PRIV_TCP_LOG=1
PRIV_UDP_LOG=1
UNPRIV_TCP_LOG=1
UNPRIV_UDP_LOG=1

Setting UNPRIV_TCP_LOG=0 will stop the logs you mention above.

from aif.

arnova commented on July 16, 2024

Please use the mailing list for support questions next time, GitHub issues are only for reporting bugs. Thank you!

from aif.

flixman commented on July 16, 2024

Yes sure, but the reason for reporting it here is that I set, literally, all the variables in the Logging section of /etc/arno-iptables-firewall/firewall.conf to 0, then issued a "systemctl reload arno-iptables-firewall", and those packets were still being logged. I have just repeated the experiment:

NOTE: I have set these variables in a /etc/arno-iptables-firewall/conf.d file.

1- I comment out those UNPRIV_TCP_LOG=0 and PRIV_TCP_LOG=0 variables, systemctl restart arno-iptables-firewall
2- I uncomment those two variables, systemctl reload arno-iptables-firewall

This is the log that comes out of that:
Oct 24 08:21:33 host arno-iptables-firewall[17084]: Logging of dropped FORWARD packets enabled
Oct 24 08:21:33 host arno-iptables-firewall[17084]: Oct 24 08:21:33 All firewall rules applied.
NOW VARIABLES COMMENTED OUT, SO ALL SHOULD BE LOGGED
Oct 24 08:21:34 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=82 ID=21012 DF PROTO=TCP SPT=52668 DPT=3000 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:21:34 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=77 ID=1198 DF PROTO=TCP SPT=40184 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:21:35 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=68 ID=37438 DF PROTO=TCP SPT=64659 DPT=3000 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:21:38 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=80 ID=7376 DF PROTO=TCP SPT=51504 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:21:48 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=74 ID=34453 DF PROTO=TCP SPT=62034 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:21:54 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=45.136.110.48 DST=192.168.178.4 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36958 PROTO=TCP SPT=59151 DPT=9427 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 24 08:21:55 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=78 ID=47102 DF PROTO=TCP SPT=40781 DPT=3000 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:21:56 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.126.18 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=80 ID=3921 DF PROTO=TCP SPT=45908 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:03 host kernel: AIF:UNPRIV UDP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=138.68.30.68 DST=192.168.178.4 LEN=416 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=33582 DPT=53413 LEN=396
Oct 24 08:22:05 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.124.2 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=85 ID=50078 DF PROTO=TCP SPT=46102 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:11 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.124.2 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=75 ID=11361 DF PROTO=TCP SPT=43419 DPT=3000 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:17 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.124.2 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=62 ID=30825 DF PROTO=TCP SPT=47712 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:26 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.124.2 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=73 ID=60868 DF PROTO=TCP SPT=37188 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:28 host systemd[1]: Reloading Arno's Iptables Firewall.
Oct 24 08:22:28 host arno-iptables-firewall[18368]: Arno's Iptables Firewall Script v2.0.3
Oct 24 08:22:28 host arno-iptables-firewall[18368]: -------------------------------------------------------------------------------
Oct 24 08:22:28 host arno-iptables-firewall[18368]: Platform: Linux 5.2.0-0.bpo.3-amd64 x86_64
Oct 24 08:22:29 host arno-iptables-firewall[18368]: Oct 24 08:22:29 All firewall rules applied.
Oct 24 08:22:29 host systemd[1]: Reloaded Arno's Iptables Firewall.
NOW VARIABLES UNCOMMENTED, SO NOTHING SHOULD BE LOGGED
Oct 24 08:22:32 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.127.189 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=83 ID=37999 DF PROTO=TCP SPT=59394 DPT=3000 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:34 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.127.189 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=68 ID=50329 DF PROTO=TCP SPT=58813 DPT=3000 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 24 08:22:38 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= MAC=52:ec:95:9f:fc:28:18:55:0f:b3:ce:71:08:00 SRC=112.175.127.189 DST=192.168.178.4 LEN=40 TOS=0x08 PREC=0x20 TTL=85 ID=65501 DF PROTO=TCP SPT=46487 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0

I know that to get help the mailing list is the way to go, but the question is: am I doing something wrong, or is this a bug? It seems that systemd's reload (that calls the firewall with a force-reload) is not reading all the configuration files.

(BTW: thank you for coming up with the idea and implementation of this firewall, it is really awesome).

from aif.
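
A check for the experiment described in the comment above, added here as an example and not part of the thread or of the arno-iptables-firewall project: it counts the "AIF:" kernel log prefixes that still appear after the last "Reloaded Arno's Iptables Firewall" line. The function names and the sample log (constructed, using documentation addresses) are assumptions; the line format is the one in the posted log.

```shell
#!/bin/sh
# Added example (not from the thread): report which AIF kernel log prefixes
# still appear after the most recent completed reload.

# Constructed sample in the syslog format shown above; the addresses are
# documentation ranges, not real hosts.
sample_log() {
cat <<'EOF'
Oct 24 08:21:34 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= SRC=198.51.100.7 DST=192.0.2.4 PROTO=TCP SPT=52668 DPT=3000 SYN
Oct 24 08:22:28 host systemd[1]: Reloading Arno's Iptables Firewall.
Oct 24 08:22:29 host systemd[1]: Reloaded Arno's Iptables Firewall.
Oct 24 08:22:32 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= SRC=198.51.100.7 DST=192.0.2.4 PROTO=TCP SPT=59394 DPT=3000 SYN
Oct 24 08:22:34 host kernel: AIF:UNPRIV TCP packet: IN=vmbr0 OUT= SRC=198.51.100.7 DST=192.0.2.4 PROTO=TCP SPT=58813 DPT=3000 SYN
Oct 24 08:22:38 host kernel: AIF:PRIV TCP packet: IN=vmbr0 OUT= SRC=198.51.100.7 DST=192.0.2.4 PROTO=TCP SPT=46487 DPT=53 SYN
EOF
}

# Reads log text on stdin. Prints "<count> <prefix>" for each AIF prefix seen
# after the last "Reloaded" line. Returns 0 if none were seen, 1 if some
# remain, 2 if the input contains no completed reload.
aif_after_reload() {
    rc=0
    out=$(awk '
        # A completed reload resets the counters, so only the newest rule set counts.
        / systemd\[[0-9]+\]: Reloaded Arno/ { split("", n); seen = 1; next }
        # LOG-rule output looks like "kernel: AIF:UNPRIV TCP packet: IN=...".
        seen && / kernel: AIF:/ && match($0, /AIF:[^:]*:/) {
            n[substr($0, RSTART, RLENGTH - 1)]++
        }
        END {
            if (!seen) exit 2
            for (k in n) { printf "%d %s\n", n[k], k; found = 1 }
            exit (found ? 1 : 0)
        }
    ') || rc=$?
    if [ -n "$out" ]; then printf '%s\n' "$out" | sort -k2; fi
    return "$rc"
}

# Demo on the constructed sample.
sample_log | aif_after_reload ||
    echo "status $? (1 = still logging after reload, 2 = no reload in input)"
```

On a host that logs to the journal, the same function can read "journalctl -b --no-pager" output on stdin, since the default journal format matches the lines above.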

flixman commented on July 16, 2024

@arnova please, I do not know if you received the notification about my previous message (after you closed this issue). Can you still take a look at that message?

from aif.

arnova commented on July 16, 2024

You shouldn't uncomment the variables @abelbeck mentions, you should set them to 0. If it still doesn't work you should post your firewall.conf and the output of "/usr/local/sbin/arno-iptables-firewall start". But again: we consider this a support question so it should really go via our mailing list.

from aif.
