From: Florian Westphal <fw@strlen.de>
To: Alberto <alberto@bersol.info>
Cc: netfilter@vger.kernel.org
Subject: Re: [nftables] Log to DNAT rule
Date: Mon, 12 Oct 2020 13:08:36 +0200
Message-ID: <20201012110836.GH5723@breakpoint.cc>
In-Reply-To: <d847854e-8457-fc84-dca7-f1a4fedb978a@bersol.info>

Alberto <alberto@bersol.info> wrote:
> >     I'm starting with nftables, and I want to log SSH inputs, but I have the SSH
> >     port on another port with a "prerouting" rule like this:
> > 
> >     -----------------------------------------------
> >     table ip my-nat {
> >       chain PREROUTING {
> >           type nat hook prerouting priority 0; policy accept;
> >           iifname "enp1s0" tcp dport 9999 dnat to 192.168.1.3:22
> >           ...

> >     But this logs any try on port 22 (there are thousands daily), and I want to
> >     log only connections to port 9999, because only on this port does the
> >     login return.
> > 
> >     If my input rules are the following...
> > 
> >     -----------------------------------------------
> >          ...
> >          iifname "enp1s0" tcp dport 9999 ct state new log prefix "[NFTABLES]
> >     SSH: " accept
> >          iifname "enp1s0" tcp dport 22 ct state new accept
> >          ...
> >     -----------------------------------------------
> > 
> >     It logs nothing.

iifname "enp1s0" meta l4proto tcp ct state new ct original proto-dst 9999 log prefix "[NFTABLES] SSH: " accept
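
The reason the original input rule never fires: DNAT happens in the prerouting hook, so by the time the packet reaches the filter hooks its TCP destination port is already 22, and "tcp dport 9999" cannot match. The conntrack entry, however, keeps the pre-NAT tuple, which is what "ct original proto-dst" reads. The ruleset below is an added example illustrating Florian's rule in context; it is not from the thread. It reuses the interface name, ports and address given above, and assumes a default-drop input policy. Which filter chain the log rule belongs in depends on where 192.168.1.3 lives: input if it is an address of the firewall itself, forward if it is another host behind it; the example shows both, so keep only the one that applies.

```nft
# Added example, not the poster's ruleset. Load with: nft -f thisfile.nft
# (syntax check first with: nft -c -f thisfile.nft)

table ip my-nat {
    chain PREROUTING {
        type nat hook prerouting priority 0; policy accept;
        # Public port 9999 is rewritten to 22 before any filter hook sees it.
        iifname "enp1s0" tcp dport 9999 dnat to 192.168.1.3:22
    }
}

table ip filter {
    chain input {
        # Use this chain if 192.168.1.3 is the firewall's own LAN address.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept

        # Match on the ORIGINAL (pre-DNAT) destination port recorded by
        # conntrack, not on the rewritten header port.
        iifname "enp1s0" meta l4proto tcp ct state new ct original proto-dst 9999 log prefix "[NFTABLES] SSH: " accept

        # Direct connections to port 22 are accepted without logging.
        iifname "enp1s0" tcp dport 22 ct state new accept
    }

    chain forward {
        # Use this chain instead if 192.168.1.3 is a separate host behind the firewall.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "enp1s0" meta l4proto tcp ct state new ct original proto-dst 9999 ip daddr 192.168.1.3 tcp dport 22 log prefix "[NFTABLES] SSH: " accept
    }
}
```

To confirm the match is working, open a connection to port 9999 and inspect the conntrack table (for example with `conntrack -L -p tcp --dport 22`): the entry's original direction shows dport=9999 while the reply direction shows sport=22, which is exactly the tuple the log rule tests. Note that "ct original proto-dst" requires "meta l4proto tcp" (or another L4 match) before it, since the port field only makes sense for a known transport protocol.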


Thread overview: 4+ messages
     [not found] <dfc15fba-2fff-a658-c4db-fc0a64603fb6@bersol.info>
2020-10-11 10:43 ` [nftables] Log to DNAT rule Alberto
2020-10-11 18:31   ` Eliezer Croitor
     [not found]   ` <CAKcfE+aM_r4J9t=8GnjhXbZfBeDj7B2_66O_CYeY94NpvWcxOw@mail.gmail.com>
2020-10-12 10:31     ` Alberto
2020-10-12 11:08       ` Florian Westphal [this message]
