Bug ID 1268433: Some firewall rules do not generate denial logs

Last Modified: Jun 27, 2024

Affected Product(s):
F5OS Velos (all modules)

Known Affected Versions:
F5OS-A 1.3.0, F5OS-A 1.3.1, F5OS-A 1.3.2, F5OS-A 1.4.0, F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-C 1.3.0, F5OS-C 1.3.1, F5OS-C 1.3.2, F5OS-C 1.5.0, F5OS-C 1.5.1, F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2

Opened: Mar 09, 2023

Severity: 3-Major

Symptoms

Netfilter logging from system_latest_vers network namespaces is disabled by default, to prevent a process inside a container from flooding the host kernel log.

Impact

When traffic from an IP address is denied by a firewall rule, no log message is generated stating that traffic from that address was denied.

Conditions

By default, netfilter logging is disabled for all network namespaces except the init namespace.

Workaround

Command to enable system_latest_vers network namespace denial logs (not persistent across reboot):

sysctl -w net.netfilter.nf_log_all_netns=1

Persistent solution:

1) Create a file: /etc/sysctl.conf
2) Run the command: echo "net.netfilter.nf_log_all_netns = 1" >> /etc/sysctl.conf
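The following script is an added example, not part of the bug entry: it reports whether denial logging from non-init network namespaces is currently enabled and applies the persistent part of the workaround so that re-running it never appends a duplicate line (plain `>>` adds one per run) and corrects an existing `= 0` entry. It assumes a POSIX shell with grep and sed; the file paths default to the kernel knob and /etc/sysctl.conf named in the workaround, and are parameters only so the functions can be exercised on copies.

```shell
#!/bin/sh
# Added example (not from the F5 bug entry). Checks and persists the
# net.netfilter.nf_log_all_netns workaround idempotently.

SYSCTL_KEY="net.netfilter.nf_log_all_netns"

# Print "enabled"/"disabled" from the given procfs file
# (default: the live kernel value); "unknown" if it is not readable.
netns_log_state() {
    proc_file="${1:-/proc/sys/net/netfilter/nf_log_all_netns}"
    if [ ! -r "$proc_file" ]; then
        echo "unknown"
        return 1
    fi
    if [ "$(cat "$proc_file")" = "1" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Runtime part of the workaround (needs root); same command as the bug entry.
apply_netns_logging_now() {
    sysctl -w "${SYSCTL_KEY}=1"
}

# Ensure exactly one "net.netfilter.nf_log_all_netns = 1" line exists in the
# sysctl config (default /etc/sysctl.conf). Prints the number of such lines,
# so a caller can verify the result is 1.
persist_netns_logging() {
    conf="${1:-/etc/sysctl.conf}"
    [ -f "$conf" ] || : > "$conf"
    if grep -q "^[[:space:]]*${SYSCTL_KEY}[[:space:]]*=" "$conf"; then
        # Key already present (possibly "= 0"): rewrite it in place.
        sed "s|^[[:space:]]*${SYSCTL_KEY}[[:space:]]*=.*|${SYSCTL_KEY} = 1|" \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        echo "${SYSCTL_KEY} = 1" >> "$conf"
    fi
    grep -c "^${SYSCTL_KEY} = 1$" "$conf"
}
```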

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips