Implement NFLOG logging target support #18

@markuslf

Description

The GUI already offers a LOG vs NFLOG radio button in the iptables/nftables platform settings dialogs, along with NFLOG-specific parameters (cprange, queue threshold, netlink group). However, the compiler currently hardcodes use_ulog=0 and always generates LOG rules.

What needs to happen:

  • The compiler should honour the use_NFLOG option and generate -j NFLOG (iptables) / log group X (nftables) rules instead of -j LOG / log when enabled.
  • The NFLOG parameters (nflog_cprange, nflog_qthreshold, nflog_nlgroup) should be passed through to the generated rules.

Background:
NFLOG is the modern netfilter logging target. It sends packets via netlink to a userspace daemon (ulogd2, rsyslog with imjournal/imnflog, or syslog-ng) rather than logging directly to the kernel ring buffer. This is more flexible (log to files, databases, pcap, multiple groups) but requires additional setup on the target host.

The deprecated ULOG target has been removed from the GUI and codebase — only LOG and NFLOG remain.
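As an added illustration of what the issue asks the compiler to do (this is example code written for this page, not fwbuilder's compiler or any code from the issue author), the renderer below takes the platform settings named above and emits either a LOG or an NFLOG target fragment for iptables and the matching `log` statement for nftables. The field names `use_nflog`, `nflog_cprange`, `nflog_qthreshold` and `nflog_nlgroup` follow the issue text; the `log_level` field, the prefix character whitelist, and the reuse of the iptables prefix length caps for the nft renderer are assumptions made here. The option spellings come from iptables-extensions(8) (`--nflog-group`, `--nflog-prefix`, `--nflog-size`, `--nflog-threshold`) and nft(8) (`log group N prefix "..." queue-threshold N snaplen N`).

```python
"""Render LOG vs NFLOG rule fragments from platform settings.

Illustrative model of the compiler behaviour requested in the issue; not
fwbuilder's code. Setting names follow the issue text; ``log_level`` and the
prefix checks are assumptions added here.
"""
from dataclasses import dataclass
import shlex
import string

# Characters allowed in a log prefix. Anything else (quotes, backslashes,
# newlines) could break the quoting of the generated iptables script or nft
# ruleset, so it is rejected rather than escaped (assumed policy).
_SAFE_PREFIX_CHARS = frozenset(string.ascii_letters + string.digits + " _-:.[]/")
# Length caps documented in iptables-extensions(8): LOG --log-prefix is
# "up to 29 letters long", NFLOG --nflog-prefix "up to 64 characters long".
LOG_PREFIX_MAX = 29
NFLOG_PREFIX_MAX = 64


@dataclass(frozen=True)
class LogSettings:
    """Subset of the iptables/nftables platform settings relevant to logging."""
    use_nflog: bool = False
    log_level: str = "info"      # LOG only: --log-level / level
    nflog_nlgroup: int = 0       # NFLOG netlink group: --nflog-group / group
    nflog_cprange: int = 0       # bytes copied to userspace: --nflog-size / snaplen; 0 = omit
    nflog_qthreshold: int = 0    # packets batched in kernel: --nflog-threshold / queue-threshold; 0 = omit


def _check_prefix(prefix: str, max_len: int) -> None:
    if len(prefix) > max_len:
        raise ValueError(f"log prefix longer than {max_len} characters: {prefix!r}")
    bad = sorted(set(prefix) - _SAFE_PREFIX_CHARS)
    if bad:
        raise ValueError(f"unsafe characters in log prefix: {bad}")


def _check_nflog(s: LogSettings) -> None:
    if not 0 <= s.nflog_nlgroup <= 65535:
        raise ValueError(f"nflog_nlgroup out of range 0..65535: {s.nflog_nlgroup}")
    if s.nflog_cprange < 0 or s.nflog_qthreshold < 0:
        raise ValueError("nflog_cprange and nflog_qthreshold must be non-negative")


def render_iptables_target(s: LogSettings, prefix: str) -> str:
    """Return the '-j ...' part of an iptables rule for the chosen logging target."""
    if not s.use_nflog:
        _check_prefix(prefix, LOG_PREFIX_MAX)
        return f"-j LOG --log-prefix {shlex.quote(prefix)} --log-level {s.log_level}"
    _check_prefix(prefix, NFLOG_PREFIX_MAX)
    _check_nflog(s)
    parts = ["-j NFLOG", f"--nflog-group {s.nflog_nlgroup}",
             f"--nflog-prefix {shlex.quote(prefix)}"]
    if s.nflog_cprange:
        parts.append(f"--nflog-size {s.nflog_cprange}")
    if s.nflog_qthreshold:
        parts.append(f"--nflog-threshold {s.nflog_qthreshold}")
    return " ".join(parts)


def render_nft_statement(s: LogSettings, prefix: str) -> str:
    """Return the nft 'log ...' statement for the chosen logging target."""
    if not s.use_nflog:
        _check_prefix(prefix, LOG_PREFIX_MAX)   # iptables cap reused for nft (assumption)
        return f'log prefix "{prefix}" level {s.log_level}'
    _check_prefix(prefix, NFLOG_PREFIX_MAX)
    _check_nflog(s)
    parts = [f"log group {s.nflog_nlgroup}", f'prefix "{prefix}"']
    if s.nflog_qthreshold:
        parts.append(f"queue-threshold {s.nflog_qthreshold}")
    if s.nflog_cprange:
        parts.append(f"snaplen {s.nflog_cprange}")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed sample: the same rule prefix rendered with LOG and with NFLOG.
    prefix = "RULE 1 -- DENY"
    for settings in (LogSettings(),
                     LogSettings(use_nflog=True, nflog_nlgroup=2,
                                 nflog_cprange=64, nflog_qthreshold=20)):
        print(f"iptables: -A INPUT {render_iptables_target(settings, prefix)}")
        print(f"nft:      {render_nft_statement(settings, prefix)}")
```

Zero-valued NFLOG parameters are omitted so the kernel defaults apply, rather than being emitted as `--nflog-size 0`. The practical caveat the issue already hints at: a rule compiled with NFLOG produces no log output at all unless a userspace listener (ulogd2, syslog-ng, or similar) is bound to that netlink group on the target host, so a policy switched from LOG to NFLOG should be verified end to end, not just by checking that `iptables -S` or `nft list ruleset` shows the new target.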

Metadata

Assignees

No one assigned

Labels

compiler (Firewall policy compiler), enhancement (New feature or request)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests