Having perused the WIKI [1] I tried to get protocol specific logging
going, but ended up with
* tcp log -> Error: syntax error, unexpected log
* icmpv6 log -> Error: syntax error, unexpected log
Only with an explicit protocol statement logging works
* ip protocol tcp log
* ip6 nexthdr icmpv6 log
Is that to be expected, in lieu of such mention in the WIKI? Or is
something missing in the kernel settings?
lsmod | grep log
nf_log_common 16384 2 nf_log_ipv4,nf_log_ipv6
nf_log_ipv4 16384 5
nf_log_ipv6 16384 5
nf_tables 98304 135 nft_fib_inet,nf_flow_table_ipv6,nf_flow_table_ipv4,nf_flow_table_inet,nft_reject_ipv6,nft_reject_ipv4,nft_reject_inet,nft_reject_bridge,nft_reject,nft_redir_ipv6,nft_redir_ipv4,nft_redir,nft_quota,nft_numgen,nft_nat,nft_masq_ipv6,nft_masq_ipv4,nft_masq,nft_log,nft_limit,nft_fwd_netdev,nft_flow_offload,nft_fib_ipv6,nft_fib_ipv4,nft_fib,nft_dup_netdev,nft_ct,nft_counter,nft_chain_route_ipv6,nft_chain_route_ipv4,nft_chain_nat_ipv6,nft_chain_nat_ipv4
nfnetlink 16384 4 nfnetlink_log,nf_tables,nf_conntrack_netlink,ip_set
nfnetlink_log 20480 0
nft_log 16384 1
cat /proc/net/netfilter/nf_log
0 NONE (nfnetlink_log)
1 NONE (nfnetlink_log)
2 nf_log_ipv4 (nf_log_ipv4,nfnetlink_log)
3 NONE (nfnetlink_log)
4 NONE (nfnetlink_log)
5 NONE (nfnetlink_log)
6 NONE (nfnetlink_log)
7 NONE (nfnetlink_log)
8 NONE (nfnetlink_log)
9 NONE (nfnetlink_log)
10 nf_log_ipv6 (nf_log_ipv6,nfnetlink_log)
11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)
Tried with
echo "nf_log_icmp" > /proc/sys/net/netfilter/nf_log/1
but that produces
ash: write error: No such file or directory
despite
stat /proc/sys/net/netfilter/nf_log/1
File: /proc/sys/net/netfilter/nf_log/1
Size: 0 Blocks: 0 IO Block: 1024 regular empty file
Device: 4h/4d Inode: 260702 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
___
[1] https://wiki.nftables.org/wiki-nftables/index.php/Logging_traffic