Skip to content

Instantly share code, notes, and snippets.

@Nill-R

Nill-R/nftables.conf

Created January 18, 2023 20:19
Show Gist options
  • Save Nill-R/72d2d750e76786688ad7eaa5ade70b22 to your computer and use it in GitHub Desktop.
Save Nill-R/72d2d750e76786688ad7eaa5ade70b22 to your computer and use it in GitHub Desktop.
Download ZIP
nftables log output new state
Raw
nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table ip filter {
chain output_log {
type filter hook output priority 0;
oifname eth0 tcp dport 80 ct state new log prefix "New outgoing http connection: " group 1 accept
oifname eth0 tcp dport 443 ct state new log prefix "New outgoing https connection: " group 1 accept
oifname eth0 tcp dport 22 ct state new log prefix "New outgoing SSH connection: " group 2 accept
}
}
Raw
ulogd.conf
[global]
######################################################################
# GLOBAL OPTIONS
######################################################################
# logfile for status messages
logfile="syslog"
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
loglevel=3
# this is a stack for logging packet send by system via LOGEMU
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu2:LOGEMU
stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu3:LOGEMU
[log1]
group=0
[emu1]
file=/var/log/ulog/ulog.log
[log2]
group=1
[emu2]
file=/var/log/ulog/http.out.log
[log3]
group=2
[emu3]
file=/var/log/ulog/ssh.out.log
#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment