
netfilter/iptable logging

Allow Logging In Namespaces

Logging from network namespaces other than init has been disabled since kernel 3.10 in order to prevent host kernel log flooding from inside a container.

If you have kernel >= 4.11 or one with commit 2851940ffee3 ("netfilter: allow logging from non-init namespaces") backported, you can enable netfilter logging from other network namespaces by setting the following sysctl on the host (in the init network namespace):

sysctl -w net.netfilter.nf_log_all_netns=1

To keep the setting across reboots, add net.netfilter.nf_log_all_netns = 1 to a file under /etc/sysctl.d/.

Source: lxc-users.linuxcontainers.narkive.com

Userspace Logging

Install ulogd2

apt install ulogd2

Use NFLOG instead of LOG in rules. NFLOG hands the packet to userspace over nfnetlink_log, where ulogd2 receives and writes it, so nothing is written to the kernel log at all:

-A INPUT -j NFLOG

The default netlink group is 0; add --nflog-group N to the rule and set the same group in the NFLOG input stanza of ulogd.conf if you want a different one.

Source: lxadm.com
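A small helper script, added here as an example and not taken from either source page, that wraps the two approaches above: it checks for and enables the nf_log_all_netns knob on the host, and rewrites iptables-save rules from LOG to NFLOG so ulogd2 can receive them. The sysctl.d file name and the default NFLOG group of 1 are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the page): enable namespace logging
# on the host and migrate a ruleset from the LOG target to NFLOG for ulogd2.

NETNS_KNOB=/proc/sys/net/netfilter/nf_log_all_netns   # present on >= 4.11 or with backport

# Returns 0 when the running kernel exposes the knob. The path argument is only
# there so the check can be pointed at a test location.
nf_log_all_netns_supported() {
    knob=${1:-$NETNS_KNOB}
    [ -f "$knob" ]
}

# Turn on logging from non-init network namespaces and persist it across reboots.
# Run this on the host; the knob is not reachable from inside a container.
enable_nf_log_all_netns() {
    knob=${1:-$NETNS_KNOB}
    nf_log_all_netns_supported "$knob" || { echo "kernel lacks nf_log_all_netns" >&2; return 1; }
    echo 1 > "$knob"
    # assumed file name; any name under /etc/sysctl.d/ works
    printf 'net.netfilter.nf_log_all_netns = 1\n' > /etc/sysctl.d/90-nflog-netns.conf
}

# Rewrite one iptables-save line: "-j LOG" becomes "-j NFLOG --nflog-group $2",
# --log-prefix becomes --nflog-prefix, and --log-level is dropped because NFLOG
# has no such option (the level is decided by ulogd2, not the kernel).
log_to_nflog() {
    rule=$1; group=${2:-1}
    printf '%s\n' "$rule" | sed \
        -e "s/-j LOG$/-j NFLOG --nflog-group $group/" \
        -e "s/-j LOG /-j NFLOG --nflog-group $group /" \
        -e 's/--log-prefix/--nflog-prefix/' \
        -e 's/ --log-level [^ ]*//'
}

# Rewrite a whole ruleset from stdin, e.g.: iptables-save | convert_ruleset 1 | iptables-restore
convert_ruleset() {
    group=${1:-1}
    while IFS= read -r line; do
        case $line in
            *"-j LOG"*) log_to_nflog "$line" "$group" ;;
            *)          printf '%s\n' "$line" ;;
        esac
    done
}
```

After restoring the converted ruleset, point the NFLOG input stanza of ulogd.conf at the same group number, otherwise ulogd2 will not see the packets.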