Different APF log for TCP/UDP drops

We can have APF write its TCP/UDP output and drop entries to a separate log file.

Requirements:

APF Firewall 0.9.3 or above. It may work on previous versions, but I haven't tested them. If you're using an older version, you should upgrade anyway.

Changing APF’s configuration:

1) Log in to your server and su to a root shell.

2) Create a new log file just for the TCP/UDP output/drops from APF.
touch /var/log/customlog

Set user permissions to restrict access.
chmod 600 /var/log/customlog

3) Change the syslog configuration so that kernel messages logged at debug level, which is the level iptables will be told to use, go to your new log file.
First let's make a backup to be safe:
cp /etc/syslog.conf /etc/syslog.conf.bak

vi /etc/syslog.conf

4) Add the following line at the bottom

# Send iptables LOGDROPs to /var/log/customlog
kern.=debug /var/log/customlog

5) Save the changes, ctrl + X then Y

6) Reload the syslogd service for the change to take effect.
service syslog reload

7) Open APF and edit the firewall configuration.
First let's make a backup to be safe:
cp /etc/apf/firewall /etc/apf/firewall.bak

vi /etc/apf/firewall

Find the following: DROP_LOG

You should see this:

if [ "$DROP_LOG" == "1" ]; then
# Default TCP/UDP INPUT log chain
$IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-prefix "** IN_TCP DROP ** "
$IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-prefix "** IN_UDP DROP ** "

Replace with the following:

if [ "$DROP_LOG" == "1" ]; then
# Default TCP/UDP INPUT log chain
$IPT -A INPUT -p tcp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug
$IPT -A INPUT -p udp -m limit --limit $LRATE/minute -i $IF -j LOG --log-level debug

Find the following one more time: DROP_LOG

You should see this:

if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
# Default TCP/UDP OUTPUT log chain
$IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-prefix "** OUT_TCP DROP ** "
$IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-prefix "** OUT_UDP DROP ** "

Replace with the following:

if [ "$DROP_LOG" == "1" ] && [ "$EGF" == "1" ]; then
# Default TCP/UDP OUTPUT log chain
$IPT -A OUTPUT -p tcp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug
$IPT -A OUTPUT -p udp -m limit --limit $LRATE/minute -o $IF -j LOG --log-level debug

8) Save the changes to firewall.
Ctrl + X then Y

9) Restart apf for the changes to take effect.

apf -r

10) Make sure the new log file is getting written to:
tail -f /var/log/customlog

You should see things like:

Aug 27 15:48:31 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=192.168.1.1 DST=192.168.1.1 LEN=34 TOS=0x00 PREC=0x00 TTL=118 ID=57369 PROTO=UDP SPT=4593 DPT=28000 LEN=14

Also check the messages log to make sure APF is no longer writing to it.

tail -f /var/log/messages
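
Because the replacement rules no longer set a --log-prefix, lines in /var/log/customlog do not say whether a packet was inbound or outbound, and kern.=debug also collects unrelated kernel debug messages. The following is an added example, not part of the original post, that summarizes such a log by inferring direction from the IN=/OUT= fields; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize iptables LOG lines that carry no --log-prefix.
# INPUT-chain packets have IN=<iface> and an empty OUT=; OUTPUT-chain
# packets have an empty IN= and OUT=<iface>.

sample_log() {   # constructed sample lines, addresses from documentation ranges
    cat <<'EOF'
Aug 27 15:48:31 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=34 TOS=0x00 PREC=0x00 TTL=118 ID=57369 PROTO=UDP SPT=4593 DPT=28000 LEN=14
Aug 27 15:48:40 fox kernel: IN=eth0 OUT= MAC=00:0d:61:37:76:84:00:d0:02:06:08:00:08:00 SRC=192.0.2.11 DST=198.51.100.5 LEN=34 TOS=0x00 PREC=0x00 TTL=118 ID=57370 PROTO=UDP SPT=4600 DPT=28000 LEN=14
Aug 27 15:49:02 fox kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=40000 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 27 15:49:05 fox kernel: eth0: unrelated kernel debug message
EOF
}

summarize_drops() {
    # $1 = log file; prints "<count> <direction> <proto> <dst-port>" per group
    awk '
    / kernel: / && /PROTO=/ {      # skip kernel debug lines not from iptables
        in_if = out_if = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)         in_if  = substr($i, 4)
            else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt    = substr($i, 5)
        }
        if (in_if != "" && out_if == "")      dir = "IN"
        else if (out_if != "" && in_if == "") dir = "OUT"
        else                                  dir = "OTHER"
        count[dir " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real server pass /var/log/customlog.
tmp=$(mktemp); sample_log > "$tmp"; summarize_drops "$tmp"; rm -f "$tmp"
```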

Mozilla Firefox 4.0 Interface Mockups

The Mozilla Foundation has put up a page to explore interface changes in Firefox 4.0.

Two main versions are displayed, one showing the tabs beneath the address bar and one with the tabs above it. The tabs-on-top look is nice and clean, and saves space, but eliminates the title bar.

Also on the wiki page is a demonstration of an idea for combining the go, refresh, and stop buttons into a single context-sensitive button.

Firefox 4.0 changes are aiming to reduce interface complexity, increase page space, and hopefully increase clarity for the user while integrating more naturally into Windows.

ImapSync

imapsync is a tool for facilitating incremental recursive IMAP transfers from one mailbox to another. It is useful for mailbox migration, and reduces the amount of data transferred by only copying messages that are not present on both servers. Read, unread, and deleted flags are preserved and the process can be stopped and resumed. The original messages can optionally be deleted after a successful transfer.