How to enable logging for iptables inside a Docker container?

I created some Docker images lately in order to set up a container with OpenVPN and firewall (iptables) support.

So far most things are working fine, but as I have some issues with the firewall, I added some more iptables rules to log dropped packets to /var/log/messages. I realized, though, that even if something is dropped, no log file can be found under /var/log.

Thus my question is: How does Alpine Linux handle (system) logging, and how can I check the iptables log specifically?


    As larsks pointed out, default logging has been disabled in the kernel in order to prevent DDOS attacks by flooding logs.

    In order to get logging to work, I installed ulogd and followed the instructions from here.

Answer:

    The problem is not Alpine Linux. The problem is that you are trying to log from the iptables stack inside a Docker container, and to the best of my knowledge the kernel doesn't handle messages generated by iptables LOG targets in network namespaces other than the global one. LOG messages in network namespaces are intentionally suppressed to prevent a container from performing a DOS attack on the host with a high volume of log messages. See this commit in the kernel, which explicitly disabled LOG support in containers.

    Your best bet is to look at packet counts on your firewall rules to see what is matching and where packets are being dropped. You may also have some luck with the NFLOG target and ulogd.
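One way to act on that advice inside the container, as an added example that is not part of the answer above: a POSIX shell helper that reads the output of `iptables -L -v -n -x` and reports the chain policies and rules that are actually dropping packets, and flags LOG rules whose counters tick even though, in a container network namespace, they emit no message. The `iptables` output below is constructed sample data, not captured from a real host.

```shell
#!/bin/sh
# Summarise where packets are being dropped, using only rule counters.
# Reads the output of `iptables -L -v -n -x` on stdin (run that inside the
# container), so it needs no kernel log at all.
drop_report() {
    awk '
        /^Chain / {
            chain = $2
            # Built-in chain header: "Chain INPUT (policy DROP 12 packets, 720 bytes)"
            if ($3 == "(policy" && $4 == "DROP" && $5 + 0 > 0)
                printf "%s policy DROP pkts=%s\n", chain, $5
            next
        }
        /^ *pkts +bytes/ { next }          # column header line
        NF < 9 { next }                    # blank lines and anything malformed
        {
            # Fields: pkts bytes target prot opt in out source destination [match...]
            spec = ""
            for (i = 10; i <= NF; i++) spec = spec (i > 10 ? " " : "") $i
        }
        $1 + 0 > 0 && ($3 == "DROP" || $3 == "REJECT") {
            printf "%s %s pkts=%s bytes=%s match=[%s]\n", chain, $3, $1, $2, spec
        }
        $1 + 0 > 0 && $3 == "LOG" {
            # The rule matches, but inside a container network namespace the
            # LOG target emits nothing; its counter is the only evidence.
            printf "%s LOG pkts=%s match=[%s] (counted, but no kernel log in this netns)\n", chain, $1, spec
        }
    '
}

# Constructed sample of `iptables -L -v -n -x` output, not taken from a real host.
SAMPLE='Chain INPUT (policy DROP 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     134       8040 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      57       3420 LOG        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23 LOG flags 0 level 4
      57       3420 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 980 packets, 61200 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 reject-with icmp-port-unreachable'

# Example run on the sample; on a live container pipe the real command instead:
#   iptables -L -v -n -x | drop_report
printf '%s\n' "$SAMPLE" | drop_report
```

Rules with zero counters (the REJECT rule in the sample) are omitted, so the report only lists places where traffic is really being discarded.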
