diff options
| author | Stijn Tintel <stijn@linux-ipv6.be> | 2018-02-26 23:06:03 +0100 |
|---|---|---|
| committer | Stijn Tintel <stijn@linux-ipv6.be> | 2018-02-26 23:12:51 +0100 |
| commit | a3ef503ed515752f7d1809c8c3238c0e4c7ce150 (patch) | |
| tree | cff53c21cf305b9ad80bbdbc9a548d4e306be4c2 | |
| parent | f50a524847a0ac74ef8cc74011d3cc46e9269c6b (diff) | |
| download | firewall3-a3ef503ed515752f7d1809c8c3238c0e4c7ce150.tar.gz | |
zones: allow per-table log control
When enabling logging for a zone, logging is enabled in the filter and
mangle tables. The log rule in the mangle table enables mtu_fix logging,
which has the tendency to flood logs. Allow per-table log control by
making the log boolean a bit field that can be used to enabled logging
in the filter and/or mangle tables.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
| -rw-r--r-- | options.h | 2 | ||||
| -rw-r--r-- | zones.c | 11 |
2 files changed, 9 insertions, 4 deletions
@@ -324,7 +324,7 @@ struct fw3_zone struct list_head cthelpers; - bool log; + int log; struct fw3_limit log_limit; bool custom_chains; @@ -53,6 +53,11 @@ static const struct fw3_chain_spec zone_chains[] = { { } }; +enum fw3_zone_logmask { + FW3_ZONE_LOG_FILTER = (1 << 0), + FW3_ZONE_LOG_MANGLE = (1 << 1), +}; + const struct fw3_option fw3_zone_opts[] = { FW3_OPT("enabled", bool, zone, enabled), @@ -79,7 +84,7 @@ const struct fw3_option fw3_zone_opts[] = { FW3_OPT("mtu_fix", bool, zone, mtu_fix), FW3_OPT("custom_chains", bool, zone, custom_chains), - FW3_OPT("log", bool, zone, log), + FW3_OPT("log", int, zone, log), FW3_OPT("log_limit", limit, zone, log_limit), FW3_OPT("auto_helper", bool, zone, auto_helper), @@ -496,7 +501,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, { if (zone->mtu_fix) { - if (zone->log) + if (zone->log & FW3_ZONE_LOG_MANGLE) { snprintf(buf, sizeof(buf) - 1, "MSSFIX(%s): ", zone->name); @@ -629,7 +634,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, fw3_flag_names[zone->policy_output]); fw3_ipt_rule_append(r, "zone_%s_output", zone->name); - if (zone->log) + if (zone->log & FW3_ZONE_LOG_FILTER) { for (t = FW3_FLAG_REJECT; t <= FW3_FLAG_DROP; t++) { |