[pve-devel] applied: [PATCH v4 firewall 0/2] firewall conntrack logging

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Dec 13 14:34:32 CET 2018


applied

On Thu, Dec 13, 2018 at 01:08:50PM +0100, David Limbeck wrote:
> Adds optional conntrack logging. pvefw-logger is restarted whenever the
> config changes.
> 
> To enable conntrack logging set 'log_nf_conntrack: 1' in
> /etc/pve/nodes/{node}/host.fw
> To enable timestamps (start and end time in [DESTROY] messages) set
> /proc/sys/net/netfilter/nf_conntrack_timestamp to 1
> 
> v3->v4:
>   fixed cover letter version
>   fixed check for ENOENT
> 
> v2->v3:
>   incorporated Wolfgang's suggestions
>   pvefw-logger:
>   - file path as DEFINE
>   - check for ENOENT
>   - conntrack: everything other than '1' is false
> 
>   Firewall.pm:
>   - changed command to 'try-reload-or-restart'
>   - separated parts of command
>   - brace placement
> 
> David Limbeck (2):
>   add conntrack logging via libnetfilter_conntrack
>   add log_nf_conntrack host firewall option
> 
>  debian/control      |  1 +
>  src/Makefile        |  2 +-
>  src/PVE/Firewall.pm | 20 +++++++++++++-
>  src/pvefw-logger.c  | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 98 insertions(+), 2 deletions(-)
> 
> -- 
> 2.11.0



