#27 Flexible ULOGging

open
nobody
None
5
2005-02-21
2005-02-21
vik
No

Current situation as I understand it:
When logging is turned on, firehol creates a ULOG entry
at the beginning of the INPUT chain and at the end of the
input subchain. The first ULOG rule handles all incoming
packets and the very last ULOG rule handles all packets
that did not match any accept rule. So the first ULOG will
log all incoming packets, including those that were dropped
and logged by the last ULOG entry in the input subchain.
The result is that such packets are logged twice.

What would be nice to have:
To have all accepted packets and all rejected packets
logged separately. The counters for accepted packets shall
not include rejected packets.

How to do that:
As a proposed way to implement this, it might be
possible to create a reference for all accepted packets to
a separate subchain, then count the accepted packets
there and only after that accept those packets.
For example, right now for interface eth0 firehol creates
a ULOG entry in the INPUT chain before the reference to
"in_eth0". Then it puts all the necessary rules in this
subchain and, at the end of the "in_eth0" subchain, it
creates the "IN-eth0" entry just before the final drop
statement.
The proposal is that all packets that have to be
accepted should be referenced to some
in_eth0_common_accept subchain, where all packets
that have to be accepted are logged first. In this
subchain those packets will then be analysed again
for "in_eth0_service".
Question: is it possible to implement such functionality?
Thank you in advance; I hope you understand my
idea ;)
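
The two chain layouts the ticket describes, as an added example that is not part of the original ticket and not FireHOL code. It is a toy simulator of iptables rule traversal (ULOG non-terminating, ACCEPT/DROP terminating, unknown targets are jumps into user chains) used to show that the current layout logs every rejected packet twice and counts it among the "incoming" packets, while the proposed separate-accept subchain logs each packet exactly once under either an accept or a reject prefix. Chain names ("in_eth0", "IN-eth0", "in_eth0_common_accept"), the log prefixes, the allowed port and the sample traffic are assumptions constructed for the example; the proposal is simplified so that the service match happens in "in_eth0" and the common accept subchain only logs and accepts.

```python
"""Toy model of the iptables chain layouts discussed in the ticket.

Constructed example, not FireHOL code: it simulates rule traversal so the
double logging of rejected packets can be demonstrated and the proposed
separate-accept-subchain layout compared against it. Chain names, prefixes,
ports and traffic are assumptions modelled loosely on the ticket text.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Rule:
    target: str                                     # ULOG, ACCEPT, DROP, RETURN or a user chain
    match: Optional[Callable[[dict], bool]] = None  # None matches every packet
    prefix: str = ""                                # log prefix for ULOG rules


def dport(port: int) -> Callable[[dict], bool]:
    """Match helper: destination port equals `port`."""
    return lambda pkt: pkt["dport"] == port


class Firewall:
    """Minimal iptables semantics: ULOG is non-terminating, ACCEPT/DROP end
    traversal, an unknown target name is a jump into a user chain, and falling
    off the end of a user chain returns to the caller (implicit RETURN)."""

    def __init__(self, policy: str = "DROP"):
        self.chains: Dict[str, List[Rule]] = {}
        self.policy = policy

    def chain(self, name: str, *rules: Rule) -> None:
        self.chains[name] = list(rules)

    def _walk(self, name: str, pkt: dict, log: List[str]) -> Optional[str]:
        for rule in self.chains[name]:
            if rule.match is not None and not rule.match(pkt):
                continue
            if rule.target == "ULOG":
                log.append(rule.prefix)      # log and keep going
                continue
            if rule.target in ("ACCEPT", "DROP"):
                return rule.target           # terminating verdict
            if rule.target == "RETURN":
                return None
            verdict = self._walk(rule.target, pkt, log)   # jump to user chain
            if verdict is not None:
                return verdict
        return None

    def filter(self, pkt: dict) -> Tuple[str, List[str]]:
        """Return (verdict, list of ULOG prefixes hit) for one packet."""
        log: List[str] = []
        verdict = self._walk("INPUT", pkt, log)
        return verdict or self.policy, log


def current_layout() -> Firewall:
    """Layout as the ticket describes it: ULOG everything entering INPUT, then
    ULOG again just before the final DROP of the interface subchain."""
    fw = Firewall()
    fw.chain("INPUT",
             Rule("ULOG", prefix="in_eth0"),                      # every incoming packet
             Rule("in_eth0", match=lambda p: p["iface"] == "eth0"))
    fw.chain("in_eth0",
             Rule("ACCEPT", match=dport(22)),                     # assumed allowed service
             Rule("ULOG", prefix="IN-eth0"),                      # whatever nothing accepted
             Rule("DROP"))
    return fw


def proposed_layout() -> Firewall:
    """Ticket's proposal, simplified: packets that will be accepted are sent to
    a separate subchain which logs them and only then accepts; rejected
    packets are logged once at the end of in_eth0."""
    fw = Firewall()
    fw.chain("INPUT",
             Rule("in_eth0", match=lambda p: p["iface"] == "eth0"))
    fw.chain("in_eth0",
             Rule("in_eth0_common_accept", match=dport(22)),      # assumed allowed service
             Rule("ULOG", prefix="IN-eth0"),
             Rule("DROP"))
    fw.chain("in_eth0_common_accept",
             Rule("ULOG", prefix="in_eth0_accept"),               # counted once, then accepted
             Rule("ACCEPT"))
    return fw


def log_counts(fw: Firewall, packets) -> Counter:
    """How many times each ULOG prefix fired over a list of packets."""
    counts: Counter = Counter()
    for pkt in packets:
        _, log = fw.filter(pkt)
        counts.update(log)
    return counts


# Constructed traffic: two packets to the allowed port and one that is rejected.
SAMPLE = [
    {"iface": "eth0", "dport": 22},
    {"iface": "eth0", "dport": 22},
    {"iface": "eth0", "dport": 23},
]

if __name__ == "__main__":
    for name, fw in (("current", current_layout()), ("proposed", proposed_layout())):
        print(name, dict(log_counts(fw, SAMPLE)))
```

In the current layout the rejected packet appears under both prefixes, so the "in_eth0" counter (3) is the total rather than the accepted count (2); in the proposed layout each packet is logged exactly once, under "in_eth0_accept" or "IN-eth0".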

Discussion