If you're using LXD, you may be surprised that packets are not being logged by iptables' LOG target. Or perhaps not really surprised: the LOG target uses kernel logging, and LXD containers are fairly limited when it comes to accessing various kernel functions, for security reasons.
A workaround is to use the NFLOG target and ulogd2:
![](https://lxadm.com/content/images/2022/09/Ekran-Resmi-2022-09-21-17.50.19.png)
So if your rules looked like the ones below:
![](https://lxadm.com/content/images/2022/09/Ekran-Resmi-2022-09-21-17.50.23.png)
Then just change the LOG target to NFLOG:
![](https://lxadm.com/content/images/2022/09/Ekran-Resmi-2022-09-21-17.50.27.png)
Then ulogd2 will write the logs to the /var/log/ulog/ directory, i.e.:
![](https://lxadm.com/content/images/2022/09/Ekran-Resmi-2022-09-21-17.50.35.png)
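The LOG-to-NFLOG change described above, applied to a whole saved ruleset. This is an added example, not code from the original post: the function names, the sample ruleset and the `NFLOG_GROUP` default of 0 are assumptions (the group must match the one your ulogd2 configuration listens on). LOG-only options such as `--log-level` have no NFLOG counterpart, so the script drops them, and it leaves jumps to user chains like `LOGDROP` alone.

```shell
#!/bin/sh
# Added example (not from the original post): convert LOG rules in
# iptables-save output to NFLOG so ulogd2 can pick them up.

# Assumption: ulogd2 listens on this netlink group; adjust to your ulogd.conf.
NFLOG_GROUP="${NFLOG_GROUP:-0}"

# Reads iptables-save text on stdin, writes the converted ruleset on stdout.
# Lines without a "-j LOG" target are passed through untouched. On LOG rules:
# LOG-only options are removed, --log-prefix becomes --nflog-prefix, and the
# target becomes NFLOG with an explicit group.
log_to_nflog() {
    sed -E \
        -e '/-j LOG( |$)/!b' \
        -e 's/ --log-level [^ ]+//' \
        -e 's/ --log-(tcp-sequence|tcp-options|ip-options|uid)//g' \
        -e 's/ --log-prefix / --nflog-prefix /' \
        -e "s/-j LOG( |\$)/-j NFLOG --nflog-group ${NFLOG_GROUP}\\1/"
}

# Counts rules on stdin that still use the LOG target (should print 0
# after conversion).
count_log_rules() {
    grep -cE -- '-j LOG( |$)' || true
}

# Constructed sample ruleset in iptables-save format (not real data).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH: " --log-level 6
-A INPUT -p icmp -j LOG --log-prefix "ICMP: " --log-ip-options --log-uid
-A INPUT -s 192.0.2.0/24 -j LOGDROP
-A LOGDROP -j LOG
-A LOGDROP -j DROP
COMMIT
EOF
}

# Show the converted ruleset for the sample input.
sample_rules | log_to_nflog
```

On a real container, feed it the output of `iptables-save`, review the result, and load it with `iptables-restore`.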
Also, please note that the ULOG target was deprecated (you'll still find a lot of information about it); you need to use NFLOG instead.
![](https://lxadm.com/content/images/2022/09/Ekran-Resmi-2022-09-21-17.50.40.png)