Looking for guidance on configuring the firewall in 22.3.05 to log port forward usage. The guide at https://openwrt.org/docs/guide-user/firewall/netfilter_iptables/iptables_log_targets seems ipfilter specific. I've used the mechanism described in https://openwrt.org/docs/guide-user/firewall/firewall_configuration to create nftables snippets to log specific rejected traffic, but how do I log accepted use of forwarded ports?
Figured out something that works, appreciate any comments on whether this is the best approach.
To log connections from WAN to external ports 414-419 I did the following:
Added to /etc/config/firewall:
    config include
        option type 'nftables'
        option path '/etc/config/custom_nat.nft'
        option position 'chain-pre'
        option chain 'dstnat_wan'

Contents of /etc/config/custom_nat.nft:
tcp dport 414-419 ct state new log prefix "Port Forward: "
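
Added example, not part of the original posts: once the rule above is logging, a small script like this can summarise which sources used which forwarded ports. It assumes the entries reach the system log in the kernel's usual netfilter layout (`SRC=`/`DPT=` fields); the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count logged port-forward connections per source address and port.
PREFIX='Port Forward: '   # must match the log prefix set in custom_nat.nft

# Constructed sample input (documentation addresses); on the router, use `logread` instead.
sample_log() {
cat <<'EOF'
Mon Jan  1 10:00:01 2024 kern.warn kernel: [  100.000001] Port Forward: IN=eth1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51514 DPT=415 WINDOW=64240 RES=0x00 SYN URGP=0
Mon Jan  1 10:00:09 2024 kern.warn kernel: [  108.000001] Port Forward: IN=eth1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=51520 DPT=415 WINDOW=64240 RES=0x00 SYN URGP=0
Mon Jan  1 10:01:30 2024 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Mon Jan  1 10:02:00 2024 kern.warn kernel: [  219.000001] Reject WAN: IN=eth1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=99 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mon Jan  1 10:03:00 2024 kern.warn kernel: [  279.000001] Port Forward: IN=eth1 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=100 DF PROTO=TCP SPT=40022 DPT=419 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

# Hypothetical helper: reads log lines on stdin, prints "<count> <source> <port>",
# busiest source/port pair first. Lines without the prefix are ignored.
summarize_port_forward() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }          # not one of our log entries
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Skip malformed entries that lack either field.
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3n
}

# Stand-alone run on the constructed sample.
sample_log | summarize_port_forward
```

On the router, `logread | summarize_port_forward` would feed it the live log. Because the rule matches only `ct state new`, each count is a new connection, not a packet.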