How to enable logging for iptables inside a Docker container?

I created some Docker images lately in order to set up a container with open VPN and firewall (iptables) support.

So far most things are working fine, but as I have some issues with the firewall, I added some more iptables rules to log dropped packages to /var/log/messages. I realized though, that even if something is dropped, no log file can be found under /var/log.

  • Getting “netcoreapp1.0” is an unsupported framework during Docker build
  • Access docker-api without CLI installed
  • Run a shell script on dokku app deployment
  • mocha.opts reference babelhook one directory up
  • docker container running but not responding to localhost:49153
  • Jenkins Amazon ECR Plugin login issue “Authorization Token has expired”
  • Thus my question is: How does Alpine Linux handle (system) logging and how can I check the iptables log specifically?


    As larsks pointed out, default logging has been disabled in the kernel in order to prevent DDOS attacks by flooding logs.

    In order to get logging to work, I installed ulogd and followed the instructions from here.

  • Docker fails to install php mysql extension
  • Need to create listener for docker plugin on Jenkins on port 2375
  • Can a Docker container be started directly from Bluemix Workload Scheduler?
  • Docker: build with different results compared to manual step-by-step build
  • Changing a postgres containers server port in Docker Compose
  • Kubernetes - Creating a specific namespace for “services”
  • One Solution collect form web for “How to enable logging for iptables inside a Docker container?”

    The problem is not Alpine Linux. The problem is that you are trying to log from the iptables stack inside a Docker container, and to the best of my knowledge kernel doesn’t handle messages generated by iptables LOG targets in network namespaces other than the global one. LOG messages in network namespaces are intentionally suppressed to prevent a container from performing a DOS attack on the host with a high volume of log messages. See this commit in the kernel, which explicitly disabled LOG support in containers.

    Your best bet is to look at packet counts on your firewall rules to see what is matching and where packets are being dropped. You may also have some luck with the NFLOG target and ulogd.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.