-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What's the proper chain to use when adding logging for use with this project? #19
Comments
I would very much like to know this too.. @hopper-signifyd did you figure it out ? |
I see this chart adds the rule via a calico GlobalNetworkPolicy object - but that doesn't work for me - honestica/lifen-charts#69 |
@KlavsKlavsen I couldn't get this working. The lack of any sort of timely response to this ticket made me realize that I was really on my own if I wanted to use this project. So I ditched this project and moved on to something else. |
@KlavsKlavsen I answered on the issue and it should work by specifying the right version you are using. @hopper-signifyd We maintain a helm chart which do all the setup https://artifacthub.io/packages/helm/lifen-charts/kube-iptables-tailer, happy to help if you any issue. |
We got it working. Moving to using tigera operator to update calico - made v3 api available - and hence the chart worked (we also had to rebuild docker image - v0.2.2 of it for it to work) |
The setup instructions on the README just have this:
iptables -A CHAIN_NAME -j LOG --log-prefix "EXAMPLE_LOG_PREFIX: "
What is typically used as
CHAIN_NAME
? I assume this should be a chain with a policy ofDROP
as a chain with the policy ofACCEPT
would just result in logging everything that passes through and this project would assume that they're all dropped packets, no?Also, should this rule be added to the
filter
table or would there be a reason to add it to thenat
table instead?What's the standard chain name to use? We have a pretty basic Kubernetes setup with the following chains:
Is
FORWARD
typically the best place to add ourLOG
rule for this project?The text was updated successfully, but these errors were encountered: