Iptables: LOG target not working in LXD containers

David Henegar
1 min read

If you're using LXD, you may be surprised that you're not getting packets logged with iptables' LOG target. Or, not really surprised - since the LOG target is kernel logging, and LXD containers are pretty much limited when it comes to accessing various kernel functions, for security reason.

A workaround is to use NFLOG target and ulogd2:


So if your rules looked like below:


Then just change LOG target to NFLOG:

Then, ulogd2 will write the logs to /var/log/ulog/ directory, i.e.:

Also, please note that ULOG target was deprecated (you'll still find a lot of info about it) - you need to use NFLOG instead.

Short Tips and Fixes
Read next

Fix Maven Import Issues: Step-By-Step Guide to Troubleshoot Unable to Import Maven Project – See Logs for Details Error

Troubleshooting Guide: Fixing the I/O Operation Aborted due to Thread Exit or Application Request Error

Resolving the 'Undefined Operator *' Error for Function_Handle Input Arguments: A Comprehensive Guide

Solving the Command 'bin sh' Failed with Exit Code 1 Issue: Comprehensive Guide

Troubleshooting Guide: Fixing the 'Current Working Directory is Not a Cordova-Based Project' Error

Solving 'Symbol(s) Not Found for Architecture x86_64' Error

Solving Resource Interpreted as Stylesheet but Transferred with MIME Type Text/Plain

Solving 'Failed to Push Some Refs to Heroku' Error

Solving 'Container Name Already in Use' Error: A Comprehensive Guide to Solving Docker Container Conflicts

Solving the Issue of Unexpected $gopath/go.mod File Existence

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Lxadm.com.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.