Firewall Monitor provides real-time monitoring of ipchains/iptables output.
This software can be easily integrated into an existing ipchains ruleset, such as the TrinityOS ruleset available from (website). Enhanced logging can be selectively added to specific existing rules by adding a new user-defined rule to the default ACCEPT, REJECT, and DENY rules. It's important to note that although previously known as "Firestorm Firewall Monitor", this software shares nothing with Firestorm.
If you wish to retain current iptables logging features and add the additional features of fwmon, keep the '-l' option (or the $LOGGING equivalent used in TrinityOS) on the rules of interest. Data is placed in a separate, user-configurable file via a new target added to each rule for which the capability is desired. This new rule does not contain the '-l' (or $LOGGING) flag, so packets trapped by a primary rule are not logged twice by ipchains. Additionally, because ipchains logging is retained in the primary rules, the ipchains log entries contain the number of the rule that caused the logging, not the rule number of the new chain.
As a guide for adding this new chain: the TrinityOS rule set begins by setting various parameters used with firewalls, then groups its rules in INPUT, OUTPUT and FORWARD sections. Since the new rule will be a 'target' of other rules, it must be placed BEFORE the first rule which references it to avoid errors the first time the ruleset is loaded. The suggested approach is to place a new section defining the rule just before the INPUT rules section, consisting of: (rule definition).
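The two constraints above (define the chain before any rule targets it, and keep '-l'/$LOGGING off the new chain's own rules) can be checked mechanically before a ruleset is loaded. The following is an added example, not part of fwmon or TrinityOS; the chain name FWLOG and the rule inside it are constructed placeholders, not fwmon's actual rule definition.

```python
# Lint an ipchains ruleset script for the two mistakes described above.
LOG_FLAGS = {"-l", "$LOGGING"}  # ipchains log flag and the TrinityOS variable
BUILTIN_TARGETS = {"ACCEPT", "DENY", "REJECT", "MASQ", "REDIRECT", "RETURN"}

def _arg(tok, flag):
    """Return the token following `flag`, or None if it is absent."""
    if flag in tok and tok.index(flag) + 1 < len(tok):
        return tok[tok.index(flag) + 1]
    return None

def lint_ruleset(text):
    """Return (line_no, code) findings for an ipchains ruleset script."""
    user_chains, findings = set(), []
    for no, line in enumerate(text.splitlines(), 1):
        tok = line.split("#", 1)[0].split()          # drop comments
        # Accept 'ipchains', '/sbin/ipchains' or a variable such as $IPCHAINS.
        if not tok or "ipchains" not in tok[0].lower():
            continue
        new_chain = _arg(tok, "-N")                  # -N creates a user chain
        if new_chain:
            user_chains.add(new_chain)
            continue
        target = _arg(tok, "-j")
        if target and target not in BUILTIN_TARGETS and target not in user_chains:
            findings.append((no, "target-before-definition"))
        chain = _arg(tok, "-A") or _arg(tok, "-I")
        if chain in user_chains and LOG_FLAGS & set(tok):
            findings.append((no, "double-logging"))  # primary rule already logs
    return findings

# Constructed samples; FWLOG is a hypothetical chain name.
BAD = """\
# chain is referenced before it exists, and logs a second time
ipchains -A input -p tcp -j FWLOG $LOGGING
ipchains -N FWLOG
ipchains -A FWLOG -j DENY -l
"""
GOOD = """\
ipchains -N FWLOG
ipchains -A FWLOG -j DENY
ipchains -A input -p tcp -j FWLOG $LOGGING
"""

if __name__ == "__main__":
    for no, code in lint_ruleset(BAD):
        print(f"line {no}: {code}")
```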
This release fixes logrotate problems with libpcap files. There may still be a race condition, but it shouldn't be encountered under normal circumstances.
Version 1.1.0: N/A