Firewall rule usage log

Hello, if i have in firewall for example port forwarding rule, like RDP forward from WAN to my lan client PC, is it possible to see somewhere in the log information, when this port forwarding rule was used, meaning that somebody logged in via RDP to the client?

Thanks.

netfilter is logging by default to the kernel log, that if packages are tagged (iptables/nftables) for logging

There’s an iptables filter in syslog-ng.conf:

filter f_turris_iptables {
        not match(".*turris[^:]*: .*" value(MESSAGE) type("posix")) or not level(debug);
};

It’s not clear to me if this is to filter out iptables messages or not.

Can someone from Turris expand on the reasons for this filter?

Create custom firewall rule (Luci - Network - Firewall - Custom rules) with -j LOG --log-level 4
Then look at /var/log/messages (or dmesg output).

If I have:
iptables -t nat -A prerouting_wan_rule -d PUBLIC.IP -j DNAT --to-destination 192.168.1.2
Then I need:
iptables -t nat -A prerouting_wan_rule -d PUBLIC.IP -j LOG --log-level 4 iptables -t nat -A prerouting_wan_rule -d PUBLIC.IP -j DNAT --to-destination 192.168.1.2

Its depends on your portforwarding/custom rule. You have to look at your current iptables first (iptables -vnL, then iptables -t nat -vnL).