How nftables log to external file Logging traffic blocked by the nftables or iptables firewall rules is necessary for debugging the firewall rules and to be alerted to local software problems. Any packet matching a rule can be logged by using -j LOG target for iptables or log statement for nftables. Logging packet has no effect on the packet's disposition, however. The packet must match an accept or drop rule. Linux Security Networking
