With LXD it is important to fix:
$ cd /etc/ufw
$ sudo sed 's/-j LOG --log-prefix/-j NFLOG --nflog-prefix/' -i.bak user.rules
$ sudo sed 's/-j LOG --log-prefix/-j NFLOG --nflog-prefix/' -i.bak user6.rules
Please add NFLOG support. Unprivileged containers don't have a /dev/kmsg device and access to /proc/kmsg is blocked by the kernel.
### LOGGING ###
-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
How can I replace the rules in after.rules?
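A check that can follow the sed substitution in the report above, as an added example that is not part of the original report: it applies the same substitution, keeps the first backup, and lists rule lines the pattern did not convert, such as a LOG rule carrying `--log-level`, an option NFLOG does not accept. The function names, the `.orig` suffix and the sample rules are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: convert LOG targets to NFLOG in a ufw-style rules file,
# then list the lines the substitution did not fix. Assumes GNU sed.

# nflog_convert FILE: same substitution as the sed commands in the report.
# The first backup is kept, so a second run cannot overwrite it with
# already-converted rules.
nflog_convert() {
    [ -f "$1" ] || return 2
    [ -e "$1.orig" ] || cp -p "$1" "$1.orig"
    sed -i 's/-j LOG --log-prefix/-j NFLOG --nflog-prefix/' "$1"
}

# nflog_leftovers FILE: print (with line numbers) rule lines that still jump
# to LOG or still carry LOG-only options (--log-level, --log-tcp-options, ...).
# Comment lines are ignored; no output means nothing is left to convert.
nflog_leftovers() {
    grep -nE -e '^[^#]*(-j LOG( |$)|--log-[a-z-]+)' "$1" || true
}

# make_sample FILE: constructed sample rules, not taken from a real system.
# The third rule puts --log-level before --log-prefix, so the sed pattern
# does not match it.
make_sample() {
    cat > "$1" <<'EOF'
### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-level 4 --log-prefix "[UFW LIMIT BLOCK] "
### END LOGGING ###
EOF
}

# demo: convert the sample in a temporary file and show what is left over.
demo() {
    tmp=$(mktemp) || return 1
    make_sample "$tmp"
    nflog_convert "$tmp"
    nflog_leftovers "$tmp"
    rm -f "$tmp" "$tmp.orig"
}

demo
```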