netfilter: improve logging and mark iptables-legacy as deprecated

2025-12-13 01:45:59 +00:00 · 2025-10-09 16:37:05 +02:00
parent df4d3bb6e0
commit 417835dea8
4 changed files with 26 additions and 9 deletions
--- a/data/Dockerfiles/netfilter/docker-entrypoint.sh
+++ b/data/Dockerfiles/netfilter/docker-entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/sh

-backend=iptables
+backend=nftables

 nft list table ip filter &>/dev/null
 nftables_found=$?
--- a/data/Dockerfiles/netfilter/main.py
+++ b/data/Dockerfiles/netfilter/main.py
@@ -449,6 +449,11 @@ if __name__ == '__main__':
    tables = NFTables(chain_name, logger)
  else:
    logger.logInfo('Using IPTables backend')
+    logger.logWarn(
+        "DEPRECATION: iptables-legacy is deprecated and will be removed in future releases. "
+        "Please switch to nftables on your host to ensure complete compatibility."
+    )
+    time.sleep(5)
    tables = IPTables(chain_name, logger)

  clear()
--- a/data/Dockerfiles/netfilter/modules/Logger.py
+++ b/data/Dockerfiles/netfilter/modules/Logger.py
@@ -1,5 +1,6 @@
 import time
 import json
+import datetime

 class Logger:
  def __init__(self):
@@ -8,17 +9,28 @@ class Logger:
  def set_redis(self, redis):
    self.r = redis

+  def _format_timestamp(self):
+    # Local time with milliseconds
+    return datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+
  def log(self, priority, message):
-    tolog = {}
-    tolog['time'] = int(round(time.time()))
-    tolog['priority'] = priority
-    tolog['message'] = message
-    print(message)
+    # build redis-friendly dict
+    tolog = {
+      'time': int(round(time.time())),  # keep raw timestamp for Redis
+      'priority': priority,
+      'message': message
+    }
+
+    # print human-readable message with timestamp
+    ts = self._format_timestamp()
+    print(f"{ts} {priority.upper()}: {message}", flush=True)
+
+    # also push JSON to Redis if connected
    if self.r is not None:
      try:
        self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
      except Exception as ex:
-        print('Failed logging to redis: %s'  % (ex))
+        print(f'{ts} WARN: Failed logging to redis: {ex}', flush=True)

  def logWarn(self, message):
    self.log('warn', message)
@@ -27,4 +39,4 @@ class Logger:
    self.log('crit', message)

  def logInfo(self, message):
-    self.log('info', message)
+    self.log('info', message)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -502,7 +502,7 @@ services:
            - acme

    netfilter-mailcow:
-      image: ghcr.io/mailcow/netfilter:1.62
+      image: ghcr.io/mailcow/netfilter:1.63
      stop_grace_period: 30s
      restart: always
      privileged: true