Nftables logging


I am doing my first steps with nftables and having troubles with logging on "OpenWrt SNAPSHOT r19181-1bf94b6797" compiled with the default options.

nft add rule inet fw4 input log
Error: Could not process rule: No such file or directory
add rule inet fw4 input log

Am I missing something obvious?

To make the logging work with ip6 or inet tables, you need to install the ip6tables-nft package.

Perfect, thank you!

Can you elaborate on the dependency? It is probably very important since firewall4 is based on an inet table.

After some research I have to make the following adjustment:

The ipv4 logging also doesn't work on fresh installation (my apologies, but it's easy to get confused after installing some additional packages).

Тhe following kernel modules must be additionally installed:

## ip table
root@OpenWrt:~# opkg install kmod-ipt-core
Installing kmod-ipt-core (5.10.109-1) to root...
Installing kmod-nf-ipt (5.10.109-1) to root...
Configuring kmod-nf-ipt.
Configuring kmod-ipt-core.

## ip6/inet table
root@OpenWrt:~# opkg install kmod-ip6tables
Installing kmod-ip6tables (5.10.109-1) to root...
Installing kmod-nf-ipt6 (5.10.109-1) to root...
Configuring kmod-nf-ipt6.
Configuring kmod-ip6tables.
1 Like

So firewall4 needs this package in order to get the nf_log_ipv6 module installed for proper inet logging.

Pinging @jow since fw4 zone logging fails.

Tried to log with "ip table" and can confirm that it does not work for ipv4 with default installation.

Guess it is intended because the additional packages are quite large.
Maybe this should be mentioned in the 22.03.0 release notes because logging seems to be a widely used feature.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.