From: Zoltán Felleg
Date: Wed, 16 Oct 2024 14:33:29 +0000 (+0200)
Subject: Updated ifg.in (implemented firewall logging to host).
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=c596f87bef1d7baca08f59c2f9cb9c2394fbf8e2;p=user-lxc.git
Updated ifg.in (implemented firewall logging to host).
---
diff --git a/sources/ifg.in/c3d/firstboot/data/nftables.config b/sources/ifg.in/c3d/firstboot/data/nftables.config
index f75f2f5..9af71cb 100644
--- a/sources/ifg.in/c3d/firstboot/data/nftables.config
+++ b/sources/ifg.in/c3d/firstboot/data/nftables.config
@@ -225,9 +225,9 @@ add rule ip ifg-filter input \
 counter accept comment "GRE"
 add rule ip ifg-filter input \
- counter log prefix "INPUT"
+ counter log prefix "ifg INPUT(drop): "
 add rule ip6 ifg-filter input \
- counter log prefix "INPUT"
+ counter log prefix "ifg INPUT(drop): "
 ################################
@@ -455,9 +455,9 @@ add rule ip6 ifg-filter forward \
 counter accept comment "ICMPv6"
 add rule ip ifg-filter forward \
- counter log prefix "FORWARD"
+ counter log prefix "ifg FORWARD(drop): "
 add rule ip6 ifg-filter forward \
- counter log prefix "FORWARD"
+ counter log prefix "ifg FORWARD(drop): "
 ################################
@@ -500,6 +500,6 @@ add rule ip6 ifg-filter output \
 counter accept comment "ICMPv6"
 add rule ip ifg-filter output \
- counter log prefix "OUTPUT"
+ counter log prefix "ifg OUTPUT(drop): "
 add rule ip6 ifg-filter output \
- counter log prefix "OUTPUT"
+ counter log prefix "ifg OUTPUT(drop): "
diff --git a/sources/ifg.in/config b/sources/ifg.in/config
index b626edf..9450416 100644
--- a/sources/ifg.in/config
+++ b/sources/ifg.in/config
@@ -21,6 +21,8 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.hook.pre-start = /usr/bin/sh -c "echo 1 >/proc/sys/net/netfilter/nf_log_all_netns"
+
 lxc.group = gw
 lxc.group = in
 lxc.group = pm
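Review bot: The final `log` rules in nftables.config (input in the hunk at -225, forward at -455, output at -500) log every packet that reaches them with no rate limit, and this same commit sends those messages to the host kernel log, so traffic aimed at the container can fill the host's ring buffer and push out unrelated kernel messages. Put a limit in front of the log statement and keep `counter` first so the counters still see every packet, for example `counter limit rate 10/second burst 20 packets log prefix "ifg INPUT(drop): "` (the rate values are illustrative). The rules shown carry no verdict, so the "(drop)" in the new prefix is accurate only if the chain policy or a later rule drops the packet; that part lies outside these hunks.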
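Review bot: The added `lxc.hook.pre-start` line in sources/ifg.in/config changes a host-wide setting from a per-container file: `nf_log_all_netns` applies to every network namespace, so once this container has started, log rules in any other container on the host also write to the host kernel log, and nothing resets the value on stop. A container that can edit its own ruleset then chooses the prefix text that appears in host logs, so host-side parsing and alerting should not rely on the prefix alone to identify the source. Consider setting `net.netfilter.nf_log_all_netns = 1` in the host's own sysctl configuration instead, or at least add a comment above the hook such as `# host-global: enables netfilter logging to the host kernel log for ALL netns, not only ifg.in`. If the proc file is absent the hook presumably fails and blocks container start, which is worth confirming.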