From 1397084f27a585c7e809a81f0e49320d99b08c2b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zolt=C3=A1n=20Felleg?=
Date: Wed, 16 Oct 2024 16:32:33 +0200
Subject: [PATCH] Updated efg.pm (implemented firewall logging to host).

---
 sources/efg.pm/c3d/firstboot/data/nftables.config | 12 ++++++------
 sources/efg.pm/config | 2 ++
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/sources/efg.pm/c3d/firstboot/data/nftables.config b/sources/efg.pm/c3d/firstboot/data/nftables.config
index b3c425c..85b8114 100644
--- a/sources/efg.pm/c3d/firstboot/data/nftables.config
+++ b/sources/efg.pm/c3d/firstboot/data/nftables.config
@@ -212,9 +212,9 @@ add rule ip efg-filter input \
 counter accept comment "GRE"
 add rule ip efg-filter input \
- counter log prefix "INPUT"
+ counter log prefix "efg INPUT(drop): "
 add rule ip6 efg-filter input \
- counter log prefix "INPUT"
+ counter log prefix "efg INPUT(drop): "
 ################################
@@ -379,10 +379,10 @@ add rule ip6 efg-filter forward \
 counter accept comment "ICMPv6"
 add rule ip efg-filter forward \
- counter log prefix "FORWARD"
+ counter log prefix "efg FORWARD(drop): "
 add rule ip6 efg-filter forward \
- counter log prefix "FORWARD"
+ counter log prefix "efg FORWARD(drop): "
 ################################
@@ -422,9 +422,9 @@ add rule ip6 efg-filter output \
 counter accept comment "ICMPv6"
 add rule ip efg-filter output \
- counter log prefix "OUTPUT"
+ counter log prefix "efg OUTPUT(drop): "
 add rule ip6 efg-filter output \
- counter log prefix "OUTPUT"
+ counter log prefix "efg OUTPUT(drop): "
 ################################
diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index a184c55..4b08857 100644
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
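Review bot: The re-prefixed log rules in this hunk, and the matching pairs in the forward (@@ -379) and output (@@ -422) hunks, still log every packet that reaches them with no rate limit, and because the companion config change now routes container netfilter log output into the host kernel log, a sustained burst of rejected traffic fills the host's ring buffer and journal instead of only the container's. Unless a limit already exists outside the hunk, I would gate each rule, keeping `counter` first so the drop counters stay accurate: `counter limit rate 10/second burst 20 packets log prefix "efg INPUT(drop): "` (same for the FORWARD and OUTPUT prefixes). The new prefix asserts the verdict is drop, but no drop rule or chain policy is visible in the hunk; if the drop comes from the chain policy further down the file, a comment next to each rule, e.g. `# last rule before the chain's drop policy; keep the prefix in step with the verdict`, would keep the two from drifting apart. The chain definitions these rules belong to start outside the hunk.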
@@ -23,6 +23,8 @@ lxc.cgroup2.devices.allow = a
 lxc.cgroup2.memory.high = 384M
 lxc.cgroup2.memory.max = 512M
+lxc.hook.pre-start = /usr/bin/sh -c "echo 1 >/proc/sys/net/netfilter/nf_log_all_netns"
+
 lxc.group = ex
 lxc.group = gw
 lxc.group = pm
-- 
2.54.0
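Review bot: The added `lxc.hook.pre-start` line writes a host-global sysctl, not a per-container one: `nf_log_all_netns` makes netfilter log output from every network namespace on the host land in the host kernel log, and nothing in the config (no `lxc.hook.post-stop`) turns it back off, so the setting outlives this container and silently affects all others. Since pre-start hooks run as root in the host's namespaces, this is a host-wide side effect hidden in one container's config; if host-wide logging is the intent, `net.netfilter.nf_log_all_netns = 1` in the host's sysctl.d is the right place and the hook can go. If the hook stays, note that on a kernel without this sysctl the redirect fails and the shell exits non-zero, which (if I recall LXC's hook handling correctly) aborts the container start rather than merely skipping logging, so that dependency should be recorded. At minimum add a comment above the line: `# Host-global: routes netfilter LOG output from ALL network namespaces into the host kernel log; not reverted on stop.`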