example of iptables logging

Does anyone have examples of making use of iptables logging on the cumulus OS? I am trying to log denies in my rules but keep getting messages such as the following when I apply rules with target "Log":

error: line 28 : LOG rule must be followed by a rule with exact same match and target DROP

1 reply

Userlevel 5
I've never tried to do it personally but I recall seeing this blurb in the Docs which seems to be related to what you're describing. ACL DOCS Log Actions Cannot Be Forwarded Logged packets cannot be forwarded. The hardware cannot both forward a packet and send the packet to the control plane (or kernel) for logging. To emphasize this, a log action must also have a drop action.