[pve-devel] [PATCH] add log for ipfilter, macfilter && ipv6 router-advertisement
Tom Weber
pve at junkyard.4t2.com
Thu Sep 7 09:12:49 CEST 2017
Hi Alexandre,
i can test it later, thanks. 2 comments though.
Am Donnerstag, den 07.09.2017, 03:22 +0200 schrieb Alexandre Derumier:
> + my ($ruleset, $chain, $ipversion, $options, $macaddr,
> $ipfilter_ipset, $direction, $vmid) = @_;
> +
> + my $lc_direction = lc($direction);
> + my $loglevel = get_option_log_level($options,
> "log_level_${lc_direction}");
in this function we're only logging for outgoing. it's always
log_level_out if we need it.
> - ruleset_addrule($ruleset, $chain, "-m mac ! --mac-
> source
> $macaddr -j DROP");
> + my $rule = "-m mac ! --mac-source $macaddr";
> + ruleset_addlog($ruleset, $chain, $vmid, "policy DROP: ",
> $loglevel, $rule);
> + ruleset_addrule($ruleset, $chain, "$rule -j DROP");
you are aware that $rule is used elsewhere and in a totally different
way? just look in ruleset_add_group_rule. Thats why I named it
$matchrule initially to avoid confusion.
Tom
More information about the pve-devel
mailing list