iptables-exporter icon indicating copy to clipboard operation
iptables-exporter copied to clipboard
verified publisher icon madron

Document requirements

Open Lusitaniae opened this issue 3 years ago • 0 comments

Looking at https://github.com/retailnext/iptables_exporter

It seems this exporter will require additional permissions to perform it's job, example of systemd settings (under [Service]):

CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW

Also would be good to clarify that the exporter only tracks rules that have a comment starting with iptables-exporter [rule name], wasn't very obvious to me and had to skim through the code to figure it out.

Lusitaniae avatar Feb 27 '22 23:02 Lusitaniae