Hi everybody,
I'm starting with nftables, and I want to log SSH inputs, but I have SSH
port in another port with "prerouting" with this rule:
-----------------------------------------------
table ip my-nat {
chain PREROUTING {
type nat hook prerouting priority 0; policy accept;
iifname "enp1s0" tcp dport 9999 dnat to 192.168.1.3:22
...
-----------------------------------------------
If my Input rule is the following...
-----------------------------------------------
table inet my-fw {
chain INPUT {
type filter hook input priority 0; policy drop;
...
# Ports permit with DNAT...
iifname "enp1s0" tcp dport { 22, 9999 } ct state new log prefix
"[NFTABLES] SSH: " accept
...
-----------------------------------------------
But this log any try to 22 port (there are thousands daily), and I want
log only conections to 9999 port, because only on this port, return login.
If my Inputs rule are the following...
-----------------------------------------------
...
iifname "enp1s0" tcp dport 9999 ct state new log prefix "[NFTABLES]
SSH: " accept
iifname "enp1s0" tcp dport 22 ct state new accept
...
-----------------------------------------------
It log nothing.
If my Inputs rule is the reverse...
-----------------------------------------------
...
iifname "enp1s0" tcp dport 9999 ct state new accept
iifname "enp1s0" tcp dport 22 ct state new log prefix "[NFTABLES]
SSH: " accept
...
-----------------------------------------------
It log everything, another time, is the same as the initial rule.
Any Idea?
Regards,
Alberto
