[pve-devel] [PATCH firewall] Remove hard coded rate limit of logged packets

Christian Ebner c.ebner at proxmox.com
Tue Mar 19 16:56:31 CET 2019


As some users rely on logging of all packets dropped/rejected, this removes the
hard coded rate limit.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 src/PVE/Firewall.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index f294d36..30e2b4b 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2106,7 +2106,7 @@ sub get_log_rule_base {
     # Note: we use special format for prefix to pass further
     # info to log daemon (VMID, LOGLEVEL and CHAIN)
 
-    return "-m limit --limit 1/sec -j NFLOG --nflog-prefix \":$vmid:$loglevel:$chain: $msg\"";
+    return "-j NFLOG --nflog-prefix \":$vmid:$loglevel:$chain: $msg\"";
 }
 
 sub ruleset_add_chain_policy {
-- 
2.11.0



More information about the pve-devel mailing list