Hi here!

I have trouble with LXC and netfilter logging.

Configuring traffic logging works like a charm on a bare-metal machine and ends up in /var/log/syslog as expected, but logs nothing when inside an LXC container, both with iptables and nftables.

iptables rules:

    *filter
    :INPUT DROP [0:0]
    -A INPUT -j LOG --log-prefix INPUT

nftables rules:

    table inet filter {
        chain input {
            type filter hook input priority 0; policy drop;
            log prefix "input " counter
        }
    }

On host:

    # sysctl net.netfilter.nf_log | grep -v NONE
    net.netfilter.nf_log.10 = nf_log_ipv6
    net.netfilter.nf_log.2 = nf_log_ipv4

On guest:

    # sysctl net.netfilter.nf_log | grep -v NONE
    net.netfilter.nf_log.10 = nf_log_ipv6
    net.netfilter.nf_log.2 = nf_log_ipv4
    net.netfilter.nf_log.7 = nfnetlink_log

I tried to install ulogd2 on my container too, with no more luck.

Was somebody here able to do traffic logging inside a container?

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/