Hi, are there already plans to improve the firewall logging? Especially now, after the refactor? Further, I'm seeing 3 specific improvements which could be done to it, espcially for troubleshooting:
- Store all of the FW logs in a separate file (for example in / var/ log/ firewall instead of /var /log /messages via 'kernel'). In the docs, this problem has been adressed for some time now...
- Ability to set specific log-files for certain rules. For example in troubleshootings: set firewall ipv4 forward filter rule 20 log-options file 'access-XY-troubleshooting'
- Ability to activate / deactivate default-logging for the new default forwarding/input/output-chains (eg. set firewall ipv4 forwarding filter enable-default-logging)
I'm not too familiar with any obvious restricitions that may exist in nftables tbh., nor could I find any information on this in the forums, dev-portal, docs etc. so please forgive obvious misses.
Also, just for info: creating the task and mentioning the path "/ var/ logs/ messages" without the spaces triggers the cloudflare WAF