I put log rules in both DOCKER-USER and INPUT, with the likes of nft insert rule ip filter DOCKER-USER counter log, but all of them show 0 packets logged.
/var/log/kern.log doesn't show any firewall related information, and neither does journalctl -k.
What is the new way to view firewall activity with this nftables system?
nft list ip table filter

table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state invalid counter packets 80 bytes 3200 drop
        iifname "vif*" meta l4proto udp udp dport 68 counter packets 0 bytes 0 drop
        ct state related,established counter packets 9479197 bytes 17035404271 accept
        iifname "vif*" meta l4proto icmp counter packets 0 bytes 0 accept
        iifname "lo" counter packets 9167 bytes 477120 accept
        iifname "vif*" counter packets 0 bytes 0 reject with icmp type host-prohibited
        counter packets 28575 bytes 1717278 drop
        counter packets 0 bytes 0 log
        counter packets 0 bytes 0 log
        iifname "docker0" counter packets 0 bytes 0 accept
    }
    chain FORWARD {
        type filter hook forward priority 0; policy drop;
        counter packets 880249 bytes 851779418 jump DOCKER-ISOLATION-STAGE-1
        oifname "br-cc7b89b40bee" ct state related,established counter packets 7586 bytes 14719677 accept
        oifname "br-cc7b89b40bee" counter packets 0 bytes 0 jump DOCKER
        iifname "br-cc7b89b40bee" oifname != "br-cc7b89b40bee" counter packets 5312 bytes 2458488 accept
        iifname "br-cc7b89b40bee" oifname "br-cc7b89b40bee" counter packets 0 bytes 0 accept
        oifname "br-d41d1510d330" ct state related,established counter packets 8330 bytes 7303256 accept
        oifname "br-d41d1510d330" counter packets 0 bytes 0 jump DOCKER
        iifname "br-d41d1510d330" oifname != "br-d41d1510d330" counter packets 7750 bytes 7569465 accept
        iifname "br-d41d1510d330" oifname "br-d41d1510d330" counter packets 0 bytes 0 accept
        oifname "br-79fccb9a0478" ct state related,established counter packets 11828 bytes 474832 accept
        oifname "br-79fccb9a0478" counter packets 11796 bytes 707760 jump DOCKER
        iifname "br-79fccb9a0478" oifname != "br-79fccb9a0478" counter packets 7 bytes 526 accept
        iifname "br-79fccb9a0478" oifname "br-79fccb9a0478" counter packets 11796 bytes 707760 accept
        counter packets 1756295 bytes 1727495359 jump DOCKER-USER
        oifname "docker0" ct state related,established counter packets 1010328 bytes 1597833795 accept
        oifname "docker0" counter packets 0 bytes 0 jump DOCKER
        iifname "docker0" oifname != "docker0" counter packets 284235 bytes 16037499 accept
        iifname "docker0" oifname "docker0" counter packets 0 bytes 0 accept
        ct state invalid counter packets 0 bytes 0 drop
        ct state related,established counter packets 0 bytes 0 accept
        counter packets 0 bytes 0 jump QBS-FORWARD
        iifname "vif*" oifname "vif*" counter packets 0 bytes 0 drop
        iifname "vif*" counter packets 0 bytes 0 accept
        counter packets 0 bytes 0 drop
    }
    chain OUTPUT {
        type filter hook output priority 0; policy accept;
    }
    chain QBS-FORWARD {
    }
    chain DOCKER {
    }
    chain DOCKER-ISOLATION-STAGE-1 {
        iifname "br-cc7b89b40bee" oifname != "br-cc7b89b40bee" counter packets 5312 bytes 2458488 jump DOCKER-ISOLATION-STAGE-2
        iifname "br-d41d1510d330" oifname != "br-d41d1510d330" counter packets 7750 bytes 7569465 jump DOCKER-ISOLATION-STAGE-2
        iifname "br-79fccb9a0478" oifname != "br-79fccb9a0478" counter packets 7 bytes 526 jump DOCKER-ISOLATION-STAGE-2
        iifname "docker0" oifname != "docker0" counter packets 590138 bytes 34612496 jump DOCKER-ISOLATION-STAGE-2
        counter packets 1808904 bytes 1760729363 return
    }
    chain DOCKER-ISOLATION-STAGE-2 {
        oifname "br-cc7b89b40bee" counter packets 0 bytes 0 drop
        oifname "br-d41d1510d330" counter packets 0 bytes 0 drop
        oifname "br-79fccb9a0478" counter packets 0 bytes 0 drop
        oifname "docker0" counter packets 0 bytes 0 drop
        counter packets 644929 bytes 74784737 return
    }
    chain DOCKER-USER {
        counter packets 0 bytes 0 log
        iifname "docker0" counter packets 305903 bytes 18574997 accept
        counter packets 1450392 bytes 1708920362 return
    }
}
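
An added example, not part of the original post: a short Python check that reads chains in the format of the listing above and reports rules placed after a match-all rule ending in a terminal verdict, since nftables stops evaluating a chain at that point and a later log rule never sees a packet. The INPUT and DOCKER-USER chains are copied from the listing; the function names are hypothetical.

```python
import re

# Constructed input: INPUT and DOCKER-USER chains copied from the post's listing,
# one rule per line as nft prints them. Function names below are hypothetical.
LISTING = '''table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state invalid counter packets 80 bytes 3200 drop
        iifname "vif*" meta l4proto udp udp dport 68 counter packets 0 bytes 0 drop
        ct state related,established counter packets 9479197 bytes 17035404271 accept
        iifname "vif*" meta l4proto icmp counter packets 0 bytes 0 accept
        iifname "lo" counter packets 9167 bytes 477120 accept
        iifname "vif*" counter packets 0 bytes 0 reject with icmp type host-prohibited
        counter packets 28575 bytes 1717278 drop
        counter packets 0 bytes 0 log
        counter packets 0 bytes 0 log
        iifname "docker0" counter packets 0 bytes 0 accept
    }
    chain DOCKER-USER {
        counter packets 0 bytes 0 log
        iifname "docker0" counter packets 305903 bytes 18574997 accept
        counter packets 1450392 bytes 1708920362 return
    }
}'''
COUNTER = re.compile(r"counter packets \d+ bytes \d+")

def parse_chains(listing):
    """Map chain name -> rule strings, skipping the hook/policy header line."""
    chains, current = {}, None
    for line in (l.strip() for l in listing.splitlines()):
        m = re.match(r"chain (\S+) \{", line)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif line == "}":
            current = None
        elif current is not None and line and not line.startswith("type "):
            current.append(line)
    return chains

def shadowed(rules):
    """Rules listed after the first match-all rule that ends in a terminal verdict."""
    for i, rule in enumerate(rules):
        rest = COUNTER.sub("", rule).strip()
        if rest in ("accept", "drop", "return") or rest.startswith("reject"):
            return rules[i + 1:]
    return []

def report(listing=LISTING):
    return {name: shadowed(rules) for name, rules in parse_chains(listing).items()}
```

For INPUT, `report()` returns the two log rules and the docker0 accept, all of which follow `counter packets 28575 bytes 1717278 drop`. DOCKER-USER returns an empty list because its log rule is first in the chain.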