How can I log packets dropped by policy in nftables?

linux-networking nftables

Well, I'm going to guess that you also want to know WHAT kind of packet is being logged at the end of your nftables chain.

I would add one line at the end of your chain, example of filter input chain is given below:

table filter {
  ...
  chain input {
    type filter hook input priority 0; policy drop;
    ...
    # All my rules go here

    ...
    # Pick one that suits your needs best
    counter comment "total unfiltered input packets"
    log            # simple detail goes into the log
    log flags all  # extra details go into the log
    log flags all prefix "GOTCHA!: " # parseable keyword
    log flags all counter  # redundant but example
    # drop; # this is redundant policy is drop already
  }
  ...
}

Related

【Troubleshooting and Questions】Kubernetes Pod-to-Pod Communication Cross Nodes
HTTPS + Nginx Reverse Proxy + URL rewrite
Veeam Backup job in two NAS at once [closed]
Unattended Linux installation from PXE using IPMI
Manipulation sender e-mail-address with invitation
Virtualbox / Vagrant "closed by remote host" during routine use
How to show the current file being edited in the project view in PyCharm?
How to make UIImagePickerController for camera and photo library at the same time in swift
UIKeyboardBoundsUserInfoKey is deprecated, what to use instead?
How to convert NSIndexpath into NSInteger or simply int?
IQueryable<T> does not contain a definition for 'Include' and no extension method 'Include'
Unable to build Maven project due to Javadoc error?