Open Lusitaniae opened 2 years ago
Looking at https://github.com/retailnext/iptables_exporter
It seems this exporter will require additional permissions to perform it's job, example of systemd settings (under [Service]):
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW
Also would be good to clarify that the exporter only tracks rules that have a comment starting with iptables-exporter [rule name], wasn't very obvious to me and had to skim through the code to figure it out.
iptables-exporter [rule name]
Looking at https://github.com/retailnext/iptables_exporter
It seems this exporter will require additional permissions to perform it's job, example of systemd settings (under [Service]):
Also would be good to clarify that the exporter only tracks rules that have a comment starting with
iptables-exporter [rule name]
, wasn't very obvious to me and had to skim through the code to figure it out.