Christoph A. wrote:
> from iptables I'm used to see the logging output in the default syslog
> files, with nftables this seems to be different.
> My rule looks like this:
>
> [...]
> ct state new log prefix "start: " accept
>
> but there are no log entries in the syslog file.
> Where does nftables write its logs?
>
> The nft_log module is loaded:
> lsmod|grep nft_l
> nft_log 1952 1
> nf_tables 25540 43
> nft_meta,nft_log,nft_payload,nft_ct,nft_rbtree,nft_hash,nf_tables_ipv4
>
> For testing it would be very handy to have a working logging setup.
>
> Is there already a way to dump the current rules from the kernel to
> stdout (like iptables -vnL) - if this is even possible?

nftables uses the netfilter logging API, which needs a backend to
actually make something out of the entries. You can either load
ipt_LOG/ip6t_LOG or use nfnetlink_log.
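A way to check for the missing backend described in the reply above, as an added example that is not part of the original thread. It assumes the kernel's per-family logger listing in /proc/net/netfilter/nf_log (a path not mentioned in the thread); the function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: which netfilter log backend is bound per protocol family?
# Assumed input format, one line per family:
#   "<family> <bound logger or NONE> (<registered loggers>)"

# Constructed sample: IPv4 (2) has nothing bound, IPv6 (10) has ip6t_LOG.
sample_nf_log() {
cat <<'EOF'
 0 NONE ()
 1 NONE ()
 2 NONE (nfnetlink_log)
10 ip6t_LOG (ip6t_LOG,nfnetlink_log)
EOF
}

# nf_log_backend FAMILY [FILE|-]
# Prints the bound logger. Status: 0 bound, 1 NONE, 2 family not listed.
nf_log_backend() {
    awk -v fam="$1" '
        $1 == fam { found = 1; none = ($2 == "NONE"); print $2; exit }
        END { if (!found) exit 2; exit none }
    ' "${2:-/proc/net/netfilter/nf_log}"
}

# nf_log_advice FAMILY [FILE|-]
# Turns the status into the remedy named in the reply above.
nf_log_advice() {
    case $1 in
        2)  mod=ipt_LOG ;;
        10) mod=ip6t_LOG ;;
        *)  mod= ;;
    esac
    backend=$(nf_log_backend "$1" "${2:-/proc/net/netfilter/nf_log}") && rc=0 || rc=$?
    case $rc in
        0) echo "family $1: log rules are handled by $backend" ;;
        1) echo "family $1: no backend bound${mod:+, load $mod} or use nfnetlink_log"
           return 1 ;;
        *) echo "family $1: not listed, or the file could not be read"
           return 2 ;;
    esac
}

# Demo on the constructed sample (family 2 = IPv4, family 10 = IPv6)
sample_nf_log | nf_log_advice 2 - || true
sample_nf_log | nf_log_advice 10 -
```

On a live system, call `nf_log_advice 2` with no file argument to read the kernel's own listing.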