On Tue, Jul 27, 2021 at 04:44:42PM -0500, Alex Forster wrote:
> > I'm not referring to nftables, I'm referring to iptables-nft.
>
> Possibly I'm misunderstanding. Here's a realistic-ish example of a
> rule we might install:
>
> iptables -A INPUT -d 11.22.33.44/32 -m bpf --bytecode "43,0 0 0
> 0,48 0 0 0,...sic..." -m statistic --mode random --probability 0.0001
> -j NFLOG --nflog-prefix "drop 10000 c37904a83b344404
> e4ec6050966d4d2f9952745de09d1308"
>
> Is there a way to install such a rule with an nflog prefix that is >63 chars?

Yes, you can update iptables-nft to use nft_log instead of xt_LOG; that
requires no kernel upgrades and it will work with older kernels.