Updated efg.pm (implemented firewall logging to host).

diff --git a/sources/efg.pm/c3d/firstboot/data/nftables.config b/sources/efg.pm/c3d/firstboot/data/nftables.config
index b3c425c80342e273da5918dd0b2d95178d9ed012..85b8114398435850bbb01be6afc40a001ddbbedf 100644 (file)
--- a/sources/efg.pm/c3d/firstboot/data/nftables.config
+++ b/sources/efg.pm/c3d/firstboot/data/nftables.config
@@ -212,9 +212,9 @@ add rule ip efg-filter input \
     counter accept comment "GRE"
 
 add rule ip efg-filter input \
-    counter log prefix "INPUT"
+    counter log prefix "efg INPUT(drop): "
 add rule ip6 efg-filter input \
-    counter log prefix "INPUT"
+    counter log prefix "efg INPUT(drop): "
 
 
 ################################
@@ -379,10 +379,10 @@ add rule ip6 efg-filter forward \
     counter accept comment "ICMPv6"
 
 add rule ip efg-filter forward \
-    counter log prefix "FORWARD"
+    counter log prefix "efg FORWARD(drop): "
 
 add rule ip6 efg-filter forward \
-    counter log prefix "FORWARD"
+    counter log prefix "efg FORWARD(drop): "
 
 
 ################################
@@ -422,9 +422,9 @@ add rule ip6 efg-filter output \
     counter accept comment "ICMPv6"
 
 add rule ip efg-filter output \
-    counter log prefix "OUTPUT"
+    counter log prefix "efg OUTPUT(drop): "
 add rule ip6 efg-filter output \
-    counter log prefix "OUTPUT"
+    counter log prefix "efg OUTPUT(drop): "
 
 
 ################################

diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index a184c55652dd716a8ee78d096a331e84d9bf6944..4b08857e1b697784b0fa1b87a303d6df7c7a0ebb 100644 (file)
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
@@ -23,6 +23,8 @@ lxc.cgroup2.devices.allow = a
 lxc.cgroup2.memory.high = 384M
 lxc.cgroup2.memory.max = 512M
 
+lxc.hook.pre-start = /usr/bin/sh -c "echo 1 >/proc/sys/net/netfilter/nf_log_all_netns"
+
 lxc.group = ex
 lxc.group = gw
 lxc.group = pm