Firewall "log enable" logs every packet
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	rayzilt
	Sep 16 2023, 5:41 PM

Description

Setting "log enable" on a rule creates the following nftable entry (example)

log prefix "[ipv4-FWD-filter-116-D]" oifname @I_IG_home counter packets 0 bytes 0 drop comment "ipv4-FWD-filter-116"

nftable evaluates rules from left to right. This means that every packet that passes this entry will be logged, even when the rule is not applied.

The entry should be something like this (not tested)

oifname @I_IG_home log prefix "[ipv4-FWD-filter-116-D]" counter packets 0 bytes 0 drop comment "ipv4-FWD-filter-116"

rayzilt created this object in space S1 VyOS Public.

n.fort changed the task status from Open to Confirmed.Sep 18 2023, 12:57 PM

n.fort claimed this task.

n.fort changed the task status from Confirmed to In progress.Sep 18 2023, 6:12 PM

Viacheslav changed the task status from In progress to Needs testing.Sep 19 2023, 6:12 AM

Great, Thanks!

n.fort closed this task as Resolved.Nov 22 2023, 7:18 PM