How to enable logging for iptables inside a Docker container?

I created some Docker images lately in order to set up a container with OpenVPN and firewall (iptables) support.

So far most things are working fine, but as I have some issues with the firewall, I added some more iptables rules to log dropped packets to /var/log/messages. I realized, though, that even if something is dropped, no log file can be found under /var/log.

Thus my question is: How does Alpine Linux handle (system) logging, and how can I check the iptables log specifically?


    As larsks pointed out, default logging has been disabled in the kernel in order to prevent DDoS attacks by flooding logs.

    In order to get logging to work, I installed ulogd and followed the instructions from here.

Answer (from larsks) to “How to enable logging for iptables inside a Docker container?”

    The problem is not Alpine Linux. The problem is that you are trying to log from the iptables stack inside a Docker container, and to the best of my knowledge the kernel doesn't handle messages generated by iptables LOG targets in network namespaces other than the global one. LOG messages in network namespaces are intentionally suppressed to prevent a container from performing a DoS attack on the host with a high volume of log messages. See this commit in the kernel, which explicitly disabled LOG support in containers.

    Your best bet is to look at packet counts on your firewall rules to see what is matching and where packets are being dropped. You may also have some luck with the NFLOG target and ulogd.
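The two suggestions in the answer, as one added example script (not code from the question or from larsks): a LOGDROP chain that counts dropped packets and hands them to the NFLOG target instead of LOG, a minimal ulogd2 configuration that writes NFLOG group 1 to a file, and a small reader for `iptables -nvxL` output that lists only the rules actually dropping traffic, for the case where no log is available at all. The interface names (tun0, eth0), the OpenVPN port 1194, the chain name LOGDROP, NFLOG group 1 and the ulogd plugin directory /usr/lib/ulogd are assumptions, not taken from the page, and the counter output fed to the reader is constructed sample data.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Assumptions (not from the page): VPN interfaces tun0/eth0, OpenVPN on
# udp/1194, chain name LOGDROP, NFLOG group 1, ulogd2 plugins in /usr/lib/ulogd.
set -eu

# 1. Firewall rules: NFLOG works from inside a container's network namespace,
#    where the LOG target is silently discarded by the kernel.
install_rules() {
    iptables -w -N LOGDROP 2>/dev/null || iptables -w -F LOGDROP
    # Copy dropped packets to userspace (ulogd) instead of the kernel log.
    # --nflog-threshold batches packets so a flood does not wake ulogd per packet.
    iptables -w -A LOGDROP -j NFLOG --nflog-group 1 \
        --nflog-prefix "fw-drop: " --nflog-threshold 20
    iptables -w -A LOGDROP -j DROP
    # Example policy: accept the VPN port on eth0 and replies on tun0,
    # count and log everything else that arrives on tun0.
    iptables -w -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
    iptables -w -A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -w -A INPUT -i tun0 -j LOGDROP
}

# 2. ulogd2 configuration for NFLOG group 1 (write to /etc/ulogd.conf).
print_ulogd_conf() {
cat <<'EOF'
[global]
logfile="/var/log/ulogd.log"
plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=1

[emu1]
file="/var/log/ulogd_syslogemu.log"
sync=1
EOF
}

# 3. Counter reader: pipe `iptables -nvxL` into this and get one line per
#    DROP/LOGDROP rule with a non-zero packet count:
#    "<chain> <pkts> <target> <proto> in=<iface> <match details>"
dropped_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }
        NF == 0 || $1 == "pkts" { next }
        ($3 == "DROP" || $3 == "LOGDROP") && $1 + 0 > 0 {
            printf "%s %s %s %s in=%s", chain, $1, $3, $4, $6
            for (i = 10; i <= NF; i++) printf " %s", $i
            printf "\n"
        }'
}

# Constructed sample of `iptables -nvxL` output (not captured from a real host).
SAMPLE_COUNTERS='Chain INPUT (policy ACCEPT 17 packets, 1234 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 LOGDROP    tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
       0        0 LOGDROP    udp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

Chain LOGDROP (2 references)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            nflog-prefix  "fw-drop: " nflog-group 1
      42     2520 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

case "${1:-}" in
    install) install_rules ;;          # needs CAP_NET_ADMIN in the container
    conf)    print_ulogd_conf ;;
    *)       printf '%s\n' "$SAMPLE_COUNTERS" | dropped_rules ;;
esac
```

Run the script with no arguments to see the reader applied to the sample (on a live host, `iptables -nvxL | sh -c '. ./script.sh; dropped_rules'` or simply pipe the counters in); `install` applies the rules and `conf` prints the ulogd configuration. The container needs CAP_NET_ADMIN for both iptables and the NFLOG netlink socket, and the `nfnetlink_log` module has to be available on the host kernel.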
