[pve-devel] applied: [RFC v2 firewall 1/1] fix: #2123 Logging of user defined firewall rules

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Mar 19 14:40:22 CET 2019


On 3/18/19 5:05 PM, Christian Ebner wrote:
> This allows a user to log traffic filtered by a self defined firewall rule.
> Therefore the API is extended to include a 'log' option allow to specify the
> log level for each rule individually.
> 
> The 'log' option can also be specified in the fw config. In order to reduce the
> log amount, logging is limited to 1 entry per second.
> 
> For now the rule has to be created or edited via the pvesh API call or via the
> firewall config in order to set the log level.
> 
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> ---
> 
> Version 2:
>     * Added missing $logmsg to PVEFW-FWBRR-IN and PVEFW-FWBR-OUT rules
>     * Added '--limit-burst 1' to rate limit NFLOG to 1 packet per second
> 
>  src/PVE/API2/Firewall/Rules.pm |  3 ++
>  src/PVE/Firewall.pm            | 63 +++++++++++++++++++++++++-----------------
>  2 files changed, 40 insertions(+), 26 deletions(-)
> 

applied, with a followup to change the burst limit back to the default of 5.
Thanks!





More information about the pve-devel mailing list