[pve-devel] applied: [PATCH firewall] Remove redundant logging of packets passing the tap chain.
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu May 16 09:57:12 CEST 2019
applied
On Wed, May 15, 2019 at 05:09:13PM +0200, Christian Ebner wrote:
> Incoming and outgoing packets passing the firewall bridge were unnecessarily
> logged, leading to double entries.
> The first log entry occurred when passing the bridge, the second when the packet's
> fate was decided (ACCEPT/DROP/REJECT).
>
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> ---
> src/PVE/Firewall.pm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index f84e6d9..abcc1e8 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -2387,10 +2387,10 @@ sub generate_tap_rules_direction {
> # plug the tap chain to bridge chain
> if ($direction eq 'IN') {
> ruleset_addrule($ruleset, "PVEFW-FWBR-IN",
> - "-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain", $loglevel, 'FWBR-IN: ', $vmid);
> + "-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain");
> } else {
> ruleset_addrule($ruleset, "PVEFW-FWBR-OUT",
> - "-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain", $loglevel, 'FWBR-OUT: ', $vmid);
> + "-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain");
> }
> }
>
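Review bot: in both ruleset_addrule calls (the 'IN' branch and the else branch), dropping $loglevel, the 'FWBR-IN: ' / 'FWBR-OUT: ' prefix and $vmid removes the log entry these jump rules produced, so the commit message should confirm that every path through $tapchain ends in a logged ACCEPT/DROP/REJECT; if any path returns without a verdict, bridged packets on that path are no longer logged at all. It would also help to mention in the changelog that the FWBR-IN and FWBR-OUT prefixes disappear from the firewall log, since filters or alerts keyed on them will go silent, and to check whether $loglevel is still used elsewhere in generate_tap_rules_direction after this change.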
> --
> 2.11.0