Updated ifg.in (implemented firewall logging to host).

diff --git a/sources/ifg.in/c3d/firstboot/data/nftables.config b/sources/ifg.in/c3d/firstboot/data/nftables.config
index f75f2f5bc1b2339c150ae732f4911052876d8dd8..9af71cb23a8b00d18fdd7d2c6cf590334f260cdf 100644 (file)
--- a/sources/ifg.in/c3d/firstboot/data/nftables.config
+++ b/sources/ifg.in/c3d/firstboot/data/nftables.config
@@ -225,9 +225,9 @@ add rule ip ifg-filter input \
     counter accept comment "GRE"
 
 add rule ip ifg-filter input \
-    counter log prefix "INPUT"
+    counter log prefix "ifg INPUT(drop): "
 add rule ip6 ifg-filter input \
-    counter log prefix "INPUT"
+    counter log prefix "ifg INPUT(drop): "
 
 
 ################################
@@ -455,9 +455,9 @@ add rule ip6 ifg-filter forward \
     counter accept comment "ICMPv6"
 
 add rule ip ifg-filter forward \
-    counter log prefix "FORWARD"
+    counter log prefix "ifg FORWARD(drop): "
 add rule ip6 ifg-filter forward \
-    counter log prefix "FORWARD"
+    counter log prefix "ifg FORWARD(drop): "
 
 
 ################################
@@ -500,6 +500,6 @@ add rule ip6 ifg-filter output \
     counter accept comment "ICMPv6"
 
 add rule ip ifg-filter output \
-    counter log prefix "OUTPUT"
+    counter log prefix "ifg OUTPUT(drop): "
 add rule ip6 ifg-filter output \
-    counter log prefix "OUTPUT"
+    counter log prefix "ifg OUTPUT(drop): "

diff --git a/sources/ifg.in/config b/sources/ifg.in/config
index b626edf88a966cd8da7018e7fb9ba1282d2c7c0d..9450416dfe529f140fa18a2500e37e3ee7cfec31 100644 (file)
--- a/sources/ifg.in/config
+++ b/sources/ifg.in/config
@@ -21,6 +21,8 @@ lxc.autodev = 1
 
 lxc.cgroup2.devices.allow = a
 
+lxc.hook.pre-start = /usr/bin/sh -c "echo 1 >/proc/sys/net/netfilter/nf_log_all_netns"
+
 lxc.group = gw
 lxc.group = in
 lxc.group = pm