Hello, I have Resin OS 1.24.0 and Supervisor 2.8.3 on my device (FROM resin/nuc-debian:latest), and I was surprised to find that I could not create a LOG target in my iptables rules. I want this to that I know that packets are about to be dropped. If my understanding is correct, the issue is that the Yocto modules installed on my device (at 4.1.8) are missing the required Netfilter modules, nf_log_common and nf_log_ipv4 in particular.
Googling, I see that a relatively old commit to resinhup includes 4.1.10 along with the expected Netfilter plugins:
I’d rather not have to use resinhup to update my device if I don’t have to. I guess my questions are:
- Is it expected/by design that 4.1.8 is missing nf_log_common and nf_log_ipv4?
- Is there any plan to have 4.1.10 on ResinOS 1.x devices? By extension, should I just try ResinOS 2?
- What should I be doing to get the LOG target in my iptables rules? Without the module, iptables says that LOG is not a valid target.
root@nuc:~# ls -l /lib/modules/4.1.8-yocto-standard/kernel/net/ipv4/netfilter/ | grep nf_ -rw-r--r-- 1 root root 14152 Dec 5 17:14 nf_nat_h323.ko -rw-r--r-- 1 root root 6248 Dec 5 17:14 nf_nat_masquerade_ipv4.ko -rw-r--r-- 1 root root 6832 Dec 5 17:14 nf_nat_pptp.ko -rw-r--r-- 1 root root 5240 Dec 5 17:14 nf_nat_proto_gre.ko -rw-r--r-- 1 root root 6416 Dec 5 17:14 nf_reject_ipv4.ko root@nuc:~#