[pve-devel] applied: [RFC v2 firewall 1/1] fix: #2123 Logging of user defined firewall rules
t.lamprecht at proxmox.com
Tue Mar 19 14:40:22 CET 2019
On 3/18/19 5:05 PM, Christian Ebner wrote:
> This allows a user to log traffic filtered by a self defined firewall rule.
> Therefore the API is extended to include a 'log' option allow to specify the
> log level for each rule individually.
> The 'log' option can also be specified in the fw config. In order to reduce the
> log amount, logging is limited to 1 entry per second.
> For now the rule has to be created or edited via the pvesh API call or via the
> firewall config in order to set the log level.
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> Version 2:
> * Added missing $logmsg to PVEFW-FWBRR-IN and PVEFW-FWBR-OUT rules
> * Added '--limit-burst 1' to rate limit NFLOG to 1 packet per second
> src/PVE/API2/Firewall/Rules.pm | 3 ++
> src/PVE/Firewall.pm | 63 +++++++++++++++++++++++++-----------------
> 2 files changed, 40 insertions(+), 26 deletions(-)
applied, with a followup to change the burst limit back to the default of 5.
More information about the pve-devel