From: Zoltán Felleg
Date: Wed, 16 Oct 2024 14:32:33 +0000 (+0200)
Subject: Updated efg.pm (implemented firewall logging to host).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=1397084f27a585c7e809a81f0e49320d99b08c2b;p=user-lxc.git

Updated efg.pm (implemented firewall logging to host).
---
diff --git a/sources/efg.pm/c3d/firstboot/data/nftables.config b/sources/efg.pm/c3d/firstboot/data/nftables.config
index b3c425c..85b8114 100644
--- a/sources/efg.pm/c3d/firstboot/data/nftables.config
+++ b/sources/efg.pm/c3d/firstboot/data/nftables.config
@@ -212,9 +212,9 @@ add rule ip efg-filter input \
 counter accept comment "GRE"
 add rule ip efg-filter input \
- counter log prefix "INPUT"
+ counter log prefix "efg INPUT(drop): "
 add rule ip6 efg-filter input \
- counter log prefix "INPUT"
+ counter log prefix "efg INPUT(drop): "
 ################################
@@ -379,10 +379,10 @@ add rule ip6 efg-filter forward \
 counter accept comment "ICMPv6"
 add rule ip efg-filter forward \
- counter log prefix "FORWARD"
+ counter log prefix "efg FORWARD(drop): "
 add rule ip6 efg-filter forward \
- counter log prefix "FORWARD"
+ counter log prefix "efg FORWARD(drop): "
 ################################
@@ -422,9 +422,9 @@ add rule ip6 efg-filter output \
 counter accept comment "ICMPv6"
 add rule ip efg-filter output \
- counter log prefix "OUTPUT"
+ counter log prefix "efg OUTPUT(drop): "
 add rule ip6 efg-filter output \
- counter log prefix "OUTPUT"
+ counter log prefix "efg OUTPUT(drop): "
 ################################
diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index a184c55..4b08857 100644
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
@@ -23,6 +23,8 @@ lxc.cgroup2.devices.allow = a
 lxc.cgroup2.memory.high = 384M
 lxc.cgroup2.memory.max = 512M
+lxc.hook.pre-start = /usr/bin/sh -c "echo 1 >/proc/sys/net/netfilter/nf_log_all_netns"
 lxc.group = ex
 lxc.group = gw
 lxc.group = pm
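Review bot: The input log rules in this hunk, and the matching forward and output rules in the `@@ -379` and `@@ -422` hunks, carry no rate limit. This commit also routes the container's netfilter log to the host kernel log, so a burst of unmatched packets can fill the host's ring buffer and crowd out other messages. Consider bounding each rule, for example `counter limit rate 5/second burst 10 packets log prefix "efg INPUT(drop): "`, keeping `counter` first so the packet count stays exact. The new prefix says "(drop)" but these rules issue no verdict themselves; the drop presumably comes from a chain policy or later rule outside the hunk, which is worth confirming so the label stays accurate.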
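Review bot: `nf_log_all_netns` is a host-wide sysctl, so the added `lxc.hook.pre-start` line turns on host logging for every network namespace on the machine, not only this container, and nothing visible here turns it off again when the container stops. Any other container able to load log rules in its own namespace can then write to the host kernel log, including lines carrying the same `efg ` prefix, so host-side alerting should not treat the prefix as proof of origin. If this is meant as host policy, setting it once in the host's sysctl configuration states that more clearly than a per-container hook. At minimum add a comment above the hook, such as `# host-global: enables netfilter logging from all network namespaces`.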