Bug 12654 - forcing DNS traffic to use the local resolver - logging issue
Summary: forcing DNS traffic to use the local resolver - logging issue
Status: CLOSED WORKSFORME
Alias: None
Product: IPFire
Classification: Unclassified
Version: 2
Assignee: Stefan Schantl
Blocks: FWBUGS
Reported: 2021-07-05 19:43 UTC by Jon
Modified: 2021-12-27 23:00 UTC

Attachments
iptables sample compare (251.09 KB, image/png)
2021-07-05 19:43 UTC, Jon
firewall log (143.03 KB, image/png)
2021-07-06 16:55 UTC, Jon
iptables -L -nv and iptables -t nat -L -nv (25.65 KB, text/plain)
2021-10-14 21:36 UTC, Jon

Description Jon 2021-07-05 19:43:47 UTC
Created attachment 920
iptables sample compare

Issue happened during test of "testing forcing DNS traffic to use the local resolver":

https://lists.ipfire.org/pipermail/development/2021-June/010692.html

https://patchwork.ipfire.org/project/ipfire/patch/20210630184031.7726-1-stefan.schantl@ipfire.org/

---

Disable logging (and click apply changes) the logging does not stop. I
Comment 1 Jon 2021-07-05 19:47:48 UTC
When the DNS redirect firewall rule is enabled AND
the logging is enabled OR DISABLED
then there are LOTS of log entries.  Not sure how to disable logging.
Comment 2 Michael Tremer 2021-07-06 10:36:05 UTC
The generated rules look okay to me. What does the log say? Maybe another rule is causing the entries...
Comment 3 Jon 2021-07-06 16:55:57 UTC
Created attachment 922
firewall log

This is the only rule (and nothing in firewall.local).

Here is the firewall log (see image)
Comment 4 Jon 2021-10-09 21:39:02 UTC
This issue is present in CU160 (stable)
Comment 5 Michael Tremer 2021-10-14 19:32:59 UTC
(In reply to Jon from comment #3)
> Created attachment 922
> firewall log
> 
> This is the only rule (and nothing in firewall.local).
> 
> Here is the firewall log (see image)

This is the expected log output. What did you expect?

Just nothing because this should be expected?

Could you send the output of "iptables -L -nv" and "iptables -t nat -L -nv"?
Comment 6 Jon 2021-10-14 21:36:57 UTC
Created attachment 946
iptables -L -nv and iptables -t nat -L -nv

requested output
Comment 7 Jon 2021-10-14 21:37:38 UTC
Yes.  If logging is unchecked then I expect the entries in the log to stop. (I think this is reasonable unless I am missing something)
Comment 8 Jon 2021-10-14 21:50:44 UTC
This time when I tried enabling the Log and then disabling the Log all worked.

All of the INPUTFWs and DNATs disappeared when the log was off AND everything worked as expected.  Ugh!

So, never mind...
Comment 9 Jon 2021-12-27 23:00:38 UTC
OK to close...