[pve-devel] applied: [PATCH v4 firewall 0/2] firewall conntrack logging
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Dec 13 14:34:32 CET 2018
applied
On Thu, Dec 13, 2018 at 01:08:50PM +0100, David Limbeck wrote:
> Adds optional conntrack logging. pvefw-logger is restarted whenever the
> config changes.
>
> To enable conntrack logging set 'log_nf_conntrack: 1' in
> /etc/pve/nodes/{node}/host.fw
> To enable timestamps (start and end time in [DESTROY] messages) set
> /proc/sys/net/netfilter/nf_conntrack_timestamp to 1
>
> v3 ->v4:
> fixed cover letter version
> fixed check for ENOENT
>
> v2->v3:
> incorporated Wolfgang's suggestions
> pvefw-logger:
> - file path as DEFINE
> - check for ENOENT
> - conntrack: everything other than '1' is false
>
> Firewall.pm:
> - changed command to 'try-reload-or-restart'
> - separated parts of command
> - brace placement
>
> David Limbeck (2):
> add conntrack logging via libnetfilter_conntrack
> add log_nf_conntrack host firewall option
>
> debian/control | 1 +
> src/Makefile | 2 +-
> src/PVE/Firewall.pm | 20 +++++++++++++-
> src/pvefw-logger.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++
> 4 files changed, 98 insertions(+), 2 deletions(-)
>
> --
> 2.11.0
More information about the pve-devel
mailing list