Logging is super important, I'm keeping this page short so that it can be used in emergencies.
Some quick facts:

nftables logs directly to dmesg.
nftables logging requires a kernel module

Requirements

In order to use log statements, you will need to install some additional packages.
sudo pacman -S libnfnetlink
sudo modprobe nfnetlink_log

Checking Logs

# watch logs, filtered by 'yourprefix'
sudo journalctl --dmesg -f \
  | grep your_configured_logprefix  # ex. 'nft'

Syntax

You can log packets that match a specific rule,
or create a rule that logs anything that reaches there.
# log traffic that matches rule (then apply rule)
tcp dport 22 \
  log prefix "[nft] dropped ssh: " \
  drop

# simply log anything that reaches here
log prefix "[nft] dropped: "

Anonymous

Search

Nftables logging

Namespaces

More

Page actions

Requirements

Checking Logs

Syntax

Navigation

Navigation

Programs

QuickRef

Operating Systems

wiki pages

Wiki tools

Wiki tools

Anonymous

Search

Nftables logging

Requirements

Checking Logs

Syntax

Navigation

Wiki tools

Page tools

Categories