I noticed an issue similar to the one described in "Missing firewall logs in RC1" and just wanted to check in with the community to see if others are seeing the same.
When I try to see firewall logs using the show log firewall command, the output is blank; however, the firewall ruleset is configured to log traffic and I can confirm logged traffic is there using other means. Submitting this in case it's a bug that needs to be filed.
Happy to post this as a bug on vyos.dev if others can reproduce/see the same.
Version info:
Version: VyOS 1.4.0-rc1
Release train: sagitta
Built by: Sentrium S.L.
Built on: Thu 21 Dec 2023 19:06 UTC
Build UUID: 2463607a-ddc5-4942-8685-00d078350c68
Build commit ID: 81ec3de04eb291
Architecture: x86_64
Boot via: installed image
System type: bare metal
Show log firewall command returns nothing:
xxxxxxxx@vyos:~$ show log firewall name WAN-LOCAL
xxxxxxxx@vyos:~$
The WAN-LOCAL rule set used:
name WAN-LOCAL {
    default-action drop
    description "WAN to Firewall IPv4"
    enable-default-log
    rule 1 {
        action accept
        state established
        state related
    }
    rule 2 {
        action drop
        log
        state invalid
    }
    rule 5 {
        action drop
        description "Drop traffic from PrivateNetworks-v4 group"
        log
        source {
            group {
                network-group PrivateNetworks-v4
            }
        }
    }
    rule 100 {
        action accept
        description "Allow ICMP from WAN to firewall"
        protocol icmp
        state new
    }
    rule 810 {
        action accept
        description "Allow incoming WG VPN"
        destination {
            port 51820
        }
        log
        protocol udp
    }
}
Various commands showing dropped traffic exists:
xxxxxxxx@vyos:~$ show firewall ipv4 name WAN-LOCAL
Ruleset Information

---------------------------------
ipv4 Firewall "name WAN-LOCAL"

Rule     Action    Protocol    Packets    Bytes    Conditions
-------  --------  ----------  ---------  -------  -----------------------------------------------------------------
1        accept    all         15460      5141571  ct state { established, related } accept
2        drop      all         64         2920     ct state invalid prefix "[ipv4-NAM-WAN-LOCAL-2-D]"
5        drop      all         0          0        ip saddr @N_PrivateNetworks-v4 prefix "[ipv4-NAM-WAN-LOCAL-5-D]"
100      accept    icmp        85289      3177656  ct state new meta l4proto icmp accept
810      accept    udp         7          1232     udp dport 51820 prefix "[ipv4-NAM-WAN-LOCAL-810-A]" accept
default  drop      all         6181       279362
xxxxxxxx@vyos# sudo nft list chain ip vyos_filter NAME_WAN-LOCAL
table ip vyos_filter {
    chain NAME_WAN-LOCAL {
        ct state { established, related } counter packets 14742 bytes 5039319 accept comment "ipv4-NAM-WAN-LOCAL-1"
        ct state invalid log prefix "[ipv4-NAM-WAN-LOCAL-2-D]" counter packets 64 bytes 2920 drop comment "ipv4-NAM-WAN-LOCAL-2"
        ip saddr @N_PrivateNetworks-v4 log prefix "[ipv4-NAM-WAN-LOCAL-5-D]" counter packets 0 bytes 0 drop comment "ipv4-NAM-WAN-LOCAL-5"
        ct state new meta l4proto icmp counter packets 84394 bytes 3141788 accept comment "ipv4-NAM-WAN-LOCAL-100"
        udp dport 51820 log prefix "[ipv4-NAM-WAN-LOCAL-810-A]" counter packets 6 bytes 1056 accept comment "ipv4-NAM-WAN-LOCAL-810"
        counter packets 6096 bytes 275666 log prefix "[ipv4-WAN-LOCAL-default-D]" drop comment "WAN-LOCAL default-action drop"
    }
}
xxxxxxxx@vyos# cat /var/log/messages | grep "WAN-LOCAL-default"
Jan 21 19:55:05 vyos kernel: [539867.077801] [ipv4-WAN-LOCAL-default-D]IN=pppoe0 OUT= MAC= SRC=152.89.198.109 DST=174.88.159.124 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=37836 PROTO=TCP SPT=41846 DPT=16999 WINDOW=1025 RES=0x00 SYN URGP=0
Jan 21 19:55:14 vyos kernel: [539875.569395] [ipv4-WAN-LOCAL-default-D]IN=pppoe0 OUT= MAC= SRC=205.210.31.232 DST=174.88.159.124 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=54321 PROTO=TCP SPT=51217 DPT=9192 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 21 19:55:22 vyos kernel: [539883.751277] [ipv4-WAN-LOCAL-default-D]IN=pppoe0 OUT= MAC= SRC=152.89.198.109 DST=174.88.159.124 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=49462 PROTO=TCP SPT=41846 DPT=15756 WINDOW=1025 RES=0x00 SYN URGP=0
...repeats as per above.
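
Added example, not part of the original post and not VyOS code: a Python filter that pulls one ruleset's entries straight from syslog lines, matching both prefix shapes visible in the nft output above (per-rule with "NAM-", default-action without). The sample lines, the LAN-LOCAL ruleset name and the function names are constructed for illustration, and treating those two shapes as the complete prefix format is an assumption.

```python
import re
from collections import Counter

# Prefix shapes taken from the nft output in the post:
#   per-rule:       [ipv4-NAM-WAN-LOCAL-2-D]
#   default-action: [ipv4-WAN-LOCAL-default-D]   (no "NAM-" part)
# Assumption: these two shapes cover every IPv4 log prefix of a named ruleset.
def prefix_pattern(ruleset):
    return re.compile(r"\[ipv4-(?:NAM-)?" + re.escape(ruleset) +
                      r"-(?P<rule>\d+|default)-(?P<action>[A-Z])\](?P<rest>.*)$")

def parse_line(line, pattern):
    m = pattern.search(line)
    if m is None:
        return None
    entry = {"rule": m.group("rule"), "action": m.group("action"), "flags": []}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            # UDP entries carry LEN twice (IP, then UDP); keep the first.
            entry.setdefault(key, value)
        else:
            entry["flags"].append(token)  # bare TCP flags such as SYN
    return entry

def summarize(lines, ruleset):
    pattern = prefix_pattern(ruleset)
    hits = [e for e in (parse_line(l, pattern) for l in lines) if e]
    per_rule = Counter((e["rule"], e["action"]) for e in hits)
    per_source = Counter(e.get("SRC") for e in hits)
    return hits, per_rule, per_source

# Constructed sample lines (documentation addresses; LAN-LOCAL is a made-up ruleset).
SAMPLE = [
    "Jan 21 19:55:05 vyos kernel: [539867.077801] [ipv4-WAN-LOCAL-default-D]IN=pppoe0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=44 PROTO=TCP SPT=41846 DPT=16999 SYN URGP=0",
    "Jan 21 19:55:09 vyos kernel: [539871.120001] [ipv4-NAM-WAN-LOCAL-2-D]IN=pppoe0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 PROTO=TCP SPT=443 DPT=50122 ACK URGP=0",
    "Jan 21 19:55:14 vyos kernel: [539875.569395] [ipv4-NAM-WAN-LOCAL-810-A]IN=pppoe0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=176 PROTO=UDP SPT=40000 DPT=51820 LEN=156",
    "Jan 21 19:55:20 vyos kernel: [539881.000002] [ipv4-NAM-LAN-LOCAL-3-D]IN=eth1 OUT= MAC= SRC=192.0.2.99 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=5555 DPT=22 SYN URGP=0",
]

if __name__ == "__main__":
    hits, per_rule, per_source = summarize(SAMPLE, "WAN-LOCAL")
    for (rule, action), n in sorted(per_rule.items()):
        print(f"rule {rule:>7} action {action}: {n}")
    for src, n in per_source.most_common():
        print(f"{src}: {n}")
```

To run it against a live system, pass the lines of /var/log/messages (the file grepped above) to summarize() in place of SAMPLE.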