Does anyone have examples of making use of iptables logging on Cumulus OS? I am trying to log denies in my rules but keep getting messages such as the following when I apply rules with target "Log":
error: line 28 : LOG rule must be followed by a rule with exact same match and target DROP
I've never tried to do it personally but I recall seeing this blurb in the Docs which seems to be related to what you're describing. ACL DOCS
Log Actions Cannot Be Forwarded
Logged packets cannot be forwarded. The hardware cannot both forward a packet and send the packet to the control plane (or kernel) for logging. To emphasize this, a log action must also have a drop action.
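A pre-flight check for the pairing requirement quoted above, as an added example (not code from the thread or from Cumulus): it scans iptables-style rules and reports every LOG rule that is not immediately followed by a DROP rule with the same match. It assumes the match is everything before `-j` and compares it token for token; the function names and the sample rules are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-style syntax; interfaces and addresses are made up.
SAMPLE_RULES = """\
[iptables]
-A FORWARD -i swp1 -s 10.0.14.2 -p tcp --dport 22 -j LOG --log-prefix "ssh-deny: "
-A FORWARD -i swp1 -s 10.0.14.2 -p tcp --dport 22 -j DROP
-A FORWARD -i swp1 -s 10.0.15.0/24 -p udp -j LOG
-A FORWARD -i swp1 -s 10.0.15.0/24 -p tcp -j DROP
-A FORWARD -i swp2 -p icmp -j LOG
"""

def parse_rule(line):
    """Return (match_tokens, target) for an append rule, or None for other lines."""
    tokens = shlex.split(line, comments=True)  # honours quotes and '#' comments
    if not tokens or tokens[0] not in ("-A", "--append"):
        return None
    for flag in ("-j", "--jump"):
        if flag in tokens:
            i = tokens.index(flag)
            if i + 1 < len(tokens):
                # Target options such as --log-prefix come after the target
                # name, so they are not part of the compared match.
                return tokens[:i], tokens[i + 1]
    return tokens, None

def find_unpaired_log_rules(text):
    """Return [(line_no, reason)] for LOG rules without an identical-match DROP next."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parsed = parse_rule(line)
        if parsed:
            rules.append((line_no, *parsed))
    problems = []
    for idx, (line_no, match, target) in enumerate(rules):
        if target != "LOG":
            continue
        if idx + 1 == len(rules):
            problems.append((line_no, "no rule follows this LOG rule"))
            continue
        _, next_match, next_target = rules[idx + 1]
        if next_target != "DROP":
            problems.append((line_no, f"next rule targets {next_target}, not DROP"))
        elif next_match != match:
            problems.append((line_no, "next DROP rule has a different match"))
    return problems

if __name__ == "__main__":
    for line_no, reason in find_unpaired_log_rules(SAMPLE_RULES):
        print(f"line {line_no}: {reason}")
```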