
"monitor firewall name <name>" does not monitor any firewall log entries
Closed, Resolved, Public

Description

monitor firewall name <name>

does not monitor any firewall log entries.
If we look at /var/log/messages we can confirm that new firewall log entries are arriving.
If we use

monitor log

we can read the live monitor and all is OK (except that this is an all-log monitor).

But instead, I repeat, if we use

monitor firewall name <name>

nothing happens.

Details

Difficulty level
Easy (less than an hour)
mdsmds created this task. May 4 2016, 11:42 AM
syncer triaged this task as Low priority. May 9 2016, 9:54 PM
syncer assigned this task to EwaldvanGeffen.
syncer edited projects, added VyOS 1.1.x (1.1.8); removed VyOS 2.0.x.
syncer added subscribers: EwaldvanGeffen, syncer.

@EwaldvanGeffen please check this out.
Thanks!

EwaldvanGeffen added a comment. Edited Jun 18 2016, 3:40 PM

On which version was this experienced? Cannot reproduce on 1.1.6, 1.1.7 and 1.2. Could you provide the output of sudo iptables-save? Or sudo iptables -t filter -L -nv (includes packet counters and should show you why your traffic is not hitting your log-rule).

One possible point of confusion I found is that ingressing local-destined traffic is not contained in 'interface <> firewall in' but in 'interface <> firewall local' (as expected, if you know it exists).

On 1.2 I do receive https://debbugs.gnu.org/db/11/11823.html but I'm assuming we should kick core-utils version forward to resolve.
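
The diagnostic suggested in the comment above (read the packet counters from `sudo iptables -t filter -L -nv`, and remember that traffic addressed to the router itself traverses the ruleset attached as `firewall local`, not `firewall in`) can be scripted. The following is an added example written for this page; it is not code from this task, from the merged patch, or from VyOS. It parses a constructed `iptables -L -nv` listing, reports for a given ruleset which hook chain jumps into it and whether its LOG rules have ever matched, pulls the `--log-prefix` strings out of those LOG rules, and filters a constructed /var/log/messages excerpt for them, which is what `monitor firewall name <name>` is expected to display. The hook chain names VYATTA_FW_IN_HOOK / VYATTA_FW_LOCAL_HOOK, the `[<ruleset>-<rule>-<action>]` prefix layout, and both sample outputs are assumptions made for the example.

```python
import re

# Constructed sample of `sudo iptables -t filter -L -nv` output on a VyOS 1.1-style box.
# Chain/hook names and the "[<ruleset>-<rule>-<action>]" log prefix are assumptions for the example.
SAMPLE_IPTABLES = """\
Chain VYATTA_FW_IN_HOOK (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 WAN-IN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain VYATTA_FW_LOCAL_HOOK (1 references)
 pkts bytes target     prot opt in     out     source               destination
  812 61234 WAN-LOCAL  all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain WAN-IN (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* WAN-IN-10000 default-action drop */ LOG flags 0 level 4 prefix "[WAN-IN-default-D]"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* WAN-IN-10000 default-action drop */

Chain WAN-LOCAL (1 references)
 pkts bytes target     prot opt in     out     source               destination
  800 60000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* WAN-LOCAL-10 */
   12  1234 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* WAN-LOCAL-10000 default-action drop */ LOG flags 0 level 4 prefix "[WAN-LOCAL-default-D]"
   12  1234 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* WAN-LOCAL-10000 default-action drop */
"""

# Constructed /var/log/messages excerpt: two kernel LOG lines from WAN-LOCAL and one unrelated line.
SAMPLE_MESSAGES = """\
May  4 11:40:01 vyos kernel: [WAN-LOCAL-default-D]IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=44321 DPT=23 SYN
May  4 11:40:02 vyos sshd[1234]: Accepted publickey for vyos from 203.0.113.9 port 51234 ssh2
May  4 11:40:03 vyos kernel: [WAN-LOCAL-default-D]IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=40000 DPT=3389 SYN
"""

_SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}


def _count(token):
    """iptables abbreviates large counters (12K, 3M, ...); expand them to ints."""
    if token[-1] in _SUFFIX:
        return int(token[:-1]) * _SUFFIX[token[-1]]
    return int(token)


def parse_chains(output):
    """Map chain name -> list of (pkts, target, full rule line) from `iptables -L -nv` text."""
    chains, current = {}, None
    for line in output.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        fields = line.split()
        if current is None or not fields or fields[0] == "pkts":
            continue  # blank line or the column header
        chains[current].append((_count(fields[0]), fields[2], line.strip()))
    return chains


def diagnose_ruleset(chains, name):
    """Which hook chains jump into ruleset `name`, and which of its LOG rules have never matched."""
    if name not in chains:
        return {"error": "no chain named %s" % name}
    hooks = [c for c, rules in chains.items() if any(t == name for _, t, _ in rules)]
    log_rules = [(pkts, text) for pkts, target, text in chains[name] if target == "LOG"]
    return {
        "referenced_from": hooks,
        "log_rules": log_rules,
        "unhit_log_rules": [text for pkts, text in log_rules if pkts == 0],
    }


def log_prefixes(chains, name):
    """The --log-prefix strings of ruleset `name`'s LOG rules, e.g. '[WAN-LOCAL-default-D]'."""
    prefixes = []
    for _, target, text in chains.get(name, []):
        m = re.search(r'prefix "([^"]*)"', text)
        if target == "LOG" and m:
            prefixes.append(m.group(1))
    return prefixes


def monitor_firewall_name(messages, chains, name):
    """What `monitor firewall name <name>` should print: syslog lines tagged with the ruleset's prefixes."""
    prefixes = log_prefixes(chains, name)
    return [line for line in messages.splitlines() if any(p in line for p in prefixes)]


if __name__ == "__main__":
    chains = parse_chains(SAMPLE_IPTABLES)
    for name in ("WAN-IN", "WAN-LOCAL"):
        d = diagnose_ruleset(chains, name)
        print(name, "is reached from", d["referenced_from"],
              "- unhit LOG rules:", len(d["unhit_log_rules"]),
              "- matching log lines:", len(monitor_firewall_name(SAMPLE_MESSAGES, chains, name)))
```

On the constructed data, WAN-IN is only reached from the `in` hook and its LOG rule has never matched, so no syslog line can carry its prefix; WAN-LOCAL, reached from the `local` hook, has a LOG rule with a non-zero counter and two matching lines. When the counters tell that story on a real box, the empty monitor is a ruleset-placement question (the traffic is hitting `firewall local`), not a defect in the monitor command; only when the LOG counter climbs while the monitor stays silent is the command itself at fault.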

1.2.0-beta1

@Ewaldvan, I've sent a screencast link by email...

EwaldvanGeffen added a comment. Edited Jun 21 2016, 4:16 PM

@mdsmds looks good. I can work with this :) patch

EwaldvanGeffen closed this task as Resolved. Jul 4 2016, 5:12 PM

Merged, closing.