[pve-devel] [PATCH v2 firewall 0/2] firewall conntrack logging
David Limbeck
d.limbeck at proxmox.com
Tue Dec 11 15:09:50 CET 2018
v3, not v2, typo
On 12/11/18 3:09 PM, David Limbeck wrote:
> Adds optional conntrack logging. pvefw-logger is restarted whenever the
> config changes.
>
> To enable conntrack logging set 'log_nf_conntrack: 1' in
> /etc/pve/nodes/{node}/host.fw
> To enable timestamps (start and end time in [DESTROY] messages) set
> /proc/sys/net/netfilter/nf_conntrack_timestamp to 1
>
> v2->v3:
> incorporated Wolfgang's suggestions
> pvefw-logger:
> - file path as DEFINE
> - check for ENOENT
> - conntrack: everything other than '1' is false
>
> Firewall.pm:
> - changed command to 'try-reload-or-restart'
> - separated parts of command
> - brace placement
>
> David Limbeck (2):
> add conntrack logging via libnetfilter_conntrack
> add log_nf_conntrack host firewall option
>
> debian/control | 1 +
> src/Makefile | 2 +-
> src/PVE/Firewall.pm | 19 +++++++++++++-
> src/pvefw-logger.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 95 insertions(+), 2 deletions(-)
>
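The v2->v3 notes for pvefw-logger ("check for ENOENT", "everything other than '1' is false") describe a fail-closed flag read. The sketch below is an added example, not code from this patch series or from pve-firewall. The file path, the function names and the tolerance for trailing whitespace are all assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical path: the cover letter says only that the real one is a DEFINE. */
#define EXAMPLE_FLAG_FILE "/tmp/example-log-nf-conntrack"

/* 1 = enabled, 0 = disabled (file missing or not exactly "1"), -1 = I/O error. */
int read_conntrack_flag(const char *path)
{
    char buf[16];
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return errno == ENOENT ? 0 : -1;  /* absent file: logging stays off */

    size_t n = fread(buf, 1, sizeof(buf) - 1, fp);
    int failed = ferror(fp);
    fclose(fp);
    if (failed)
        return -1;
    if (n == sizeof(buf) - 1)
        return 0;                         /* far too long to be "1" */

    /* Assumption: trailing whitespace (e.g. a newline) is not significant. */
    while (n > 0 && isspace((unsigned char)buf[n - 1]))
        n--;
    return n == 1 && buf[0] == '1';       /* "10", "true", "" are all false */
}

/* Writes constructed sample content for the demonstration below. */
int write_sample(const char *path, const char *content)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    int rc = fputs(content, fp) == EOF ? -1 : 0;
    return fclose(fp) == 0 ? rc : -1;
}

int main(void)
{
    const char *samples[] = { "1\n", "10\n", "true\n", "" };  /* constructed */
    unlink(EXAMPLE_FLAG_FILE);
    printf("missing file -> %d\n", read_conntrack_flag(EXAMPLE_FLAG_FILE));
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        write_sample(EXAMPLE_FLAG_FILE, samples[i]);
        printf("sample %zu -> %d\n", i, read_conntrack_flag(EXAMPLE_FLAG_FILE));
    }
    return unlink(EXAMPLE_FLAG_FILE);
}
```

Returning -1 for errors other than ENOENT lets the caller tell "option not set" apart from "could not read the option", so a permissions problem is not silently treated as a deliberate choice to disable logging.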