diff -Nur e-smith-packetfilter-2.6.0.old/createlinks e-smith-packetfilter-2.6.0/createlinks
--- e-smith-packetfilter-2.6.0.old/createlinks	2021-03-04 16:01:39.921000000 -0500
+++ e-smith-packetfilter-2.6.0/createlinks	2021-03-04 16:52:55.378000000 -0500
@@ -21,18 +21,10 @@
     safe_symlink("reload", "root/etc/e-smith/events/$_/services2adjust/masq");
 }
 
-my %service2order =
-(
-    # Set up the packet filter rules before bringing up networks.
-    # But, after the bootstrap-console has had a chance to configure masq
-    masq 	=> "36",
-);
-
-foreach my $service (keys %service2order)
-{
-# removed for systemd
-#    service_link_enhanced($service, $service2order{$service}, 7);
-}
+my $event ="e-smith-packetfilter-update";
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ulogd");
+event_link("systemd-reload", $event, "89");
+event_link("systemd-default", $event, "88");
 
 #systemd
 foreach my $target (qw(multi-user sme-server))
@@ -41,6 +33,7 @@
 
 foreach my $unit (qw(
         masq.service
+	ulogd.service
         ))
         {
         symlink("../$unit",
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/status e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/status
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/status	1969-12-31 19:00:00.000000000 -0500
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/status	2021-03-04 16:38:38.292000000 -0500
@@ -0,0 +1 @@
+enabled
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/type e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/type
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/defaults/ulogd/type	1969-12-31 19:00:00.000000000 -0500
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/defaults/ulogd/type	2021-03-04 16:38:26.949000000 -0500
@@ -0,0 +1 @@
+service
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/force/ulogd/status e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/force/ulogd/status
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/db/configuration/force/ulogd/status	1969-12-31 19:00:00.000000000 -0500
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/db/configuration/force/ulogd/status	2021-03-04 16:39:04.280000000 -0500
@@ -0,0 +1 @@
+enabled
diff -Nur e-smith-packetfilter-2.6.0.old/root/etc/e-smith/templates/etc/ulogd.conf/basic e-smith-packetfilter-2.6.0/root/etc/e-smith/templates/etc/ulogd.conf/basic
--- e-smith-packetfilter-2.6.0.old/root/etc/e-smith/templates/etc/ulogd.conf/basic	2008-10-07 13:36:41.000000000 -0400
+++ e-smith-packetfilter-2.6.0/root/etc/e-smith/templates/etc/ulogd.conf/basic	2021-03-04 23:22:10.840000000 -0500
@@ -1,12 +1,125 @@
 [global]
 nlgroup=1
-logfile=/dev/stdout
+logfile=/var/log/iptables/ulogd.log
 loglevel=5
 rmem=131071
 bufsize=150000
+
+######################################################################
+# PLUGIN OPTIONS
+######################################################################
+# We have to configure and load all the plugins we want to use
+# general rules:
+#
+# 0. don't specify any plugin for ulogd to load them all
+# 1. load the plugins _first_ from the global section
+# 2. options for each plugin in seperate section below
 plugin={ -f "/usr/lib64/ulogd/ulogd_BASE.so" ? "/usr/lib64/ulogd/ulogd_BASE.so" : "/usr/lib/ulogd/ulogd_BASE.so" }
 plugin={ -f "/usr/lib64/ulogd/ulogd_LOGEMU.so" ? "/usr/lib64/ulogd/ulogd_LOGEMU.so" : "/usr/lib/ulogd/ulogd_LOGEMU.so" }
 
+{
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so"
+#plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_XML.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_SQLITE3.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so"
+#plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so"
+#plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_JSON.so"
+
+# this is a stack for logging packet send by system via LOGEMU
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for ULOG packet-based logging via LOGEMU
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK
+#stack=log2:NFLOG,base1:BASE,mark1:MARK,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via GPRINT
+#stack=log1:NFLOG,gp1:GPRINT
+
+# this is a stack for flow-based logging via LOGEMU
+#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
+
+# this is a stack for flow-based logging via GPRINT
+#stack=ct1:NFCT,gp1:GPRINT
+
+# this is a stack for flow-based logging via XML
+#stack=ct1:NFCT,xml1:XML
+
+# this is a stack for logging in XML
+#stack=log1:NFLOG,xml1:XML
+
+# this is a stack for accounting-based logging via XML
+#stack=acct1:NFACCT,xml1:XML
+
+# this is a stack for accounting-based logging to a Graphite server
+#stack=acct1:NFACCT,graphite1:GRAPHITE
+
+# this is a stack for NFLOG packet-based logging to PCAP
+#stack=log2:NFLOG,base1:BASE,pcap1:PCAP
+
+# this is a stack for logging packet to MySQL
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
+
+# this is a stack for logging packet to PGsql after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
+
+# this is a stack for logging packet to JSON formatted file after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON
+
+# this is a stack for logging packets to syslog after a collect via NFLOG
+#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for logging packets to syslog after a collect via NuFW
+#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for flow-based logging to MySQL
+#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
+
+# this is a stack for flow-based logging to PGSQL
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
+
+# this is a stack for flow-based logging to PGSQL without local hash
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
+
+# this is a stack for flow-based logging to SQLITE3
+#stack=ct1:NFCT,sqlite3_ct:SQLITE3
+
+# this is a stack for logging packet to SQLITE3
+#stack=log1:NFLOG,sqlite3_pkt:SQLITE3
+
+# this is a stack for flow-based logging in NACCT compatible format
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+# this is a stack for accounting-based logging via GPRINT
+#stack=acct1:NFACCT,gp1:GPRINT
+
+ $OUT="";
+
+}
 [LOGEMU]
-file="/dev/stdout"
+file="/var/log/iptables/ulogd.syslogemu"
 sync=1
diff -Nur e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf
--- e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf	1969-12-31 19:00:00.000000000 -0500
+++ e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/sme-server.target.d/53koozali.conf	2021-03-04 16:36:47.274000000 -0500
@@ -0,0 +1,3 @@
+[Unit]
+Wants=ulogd.service
+
diff -Nur e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/ulogd.service e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/ulogd.service
--- e-smith-packetfilter-2.6.0.old/root/usr/lib/systemd/system/ulogd.service	1969-12-31 19:00:00.000000000 -0500
+++ e-smith-packetfilter-2.6.0/root/usr/lib/systemd/system/ulogd.service	2021-03-04 23:58:38.429000000 -0500
@@ -0,0 +1,18 @@
+[Unit]
+Description=Netfilter Userspace Logging Daemon
+Before=masq.service
+
+[Service]
+User=root
+Group=root
+Restart=always
+TimeoutSec=0
+Type=forking
+
+PIDFile=/run/ulog/ulogd.pid
+#ExecStart=/usr/sbin/ulogd --daemon --uid ulog --pidfile /run/ulog/ulogd.pid
+ExecStart=/usr/sbin/ulogd --daemon  --pidfile /run/ulog/ulogd.pid
+#ExecStart=/usr/sbin/ulogd --daemon
+
+[Install]
+WantedBy=sme-server.target multi-user.target