While defining a particular ipv4 or ipv6 ruleset, and enabling log for default-rule, op-mode command show log firewall ipvX name <name> doesn't print logs for default rule.
Step to reproduce:
# Create custom chain: set firewall ipv4 name FOO default-action accept set firewall ipv4 name FOO default-log set firewall ipv4 input filter rule 1 action 'jump' set firewall ipv4 input filter rule 1 jump-target 'FOO'
Check chain, op-mode command and logs with journalctl:
vyos@140:~$ sudo nft list chain ip vyos_filter NAME_FOO table ip vyos_filter { chain NAME_FOO { counter packets 77 bytes 15395 log prefix "[ipv4-FOO-default-A]" accept comment "FOO default-action accept" } } vyos@140:~$ show log firewall ipv4 name FOO vyos@140:~$ sudo journalctl -b | grep -c "ipv4-FOO-default" 77 vyos@140:~$