Re: [LEDE-DEV] [PATCH] firewall: fix logging of dropped & rejected packets

2018-04-03 Thread Alin Năstac
Hi Jo, The idea is to fix log issues created by chains such as these: iptables -S zone_lan_forward -A zone_lan_forward -m comment --comment "!fw3: user chain for forwarding" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3: drop_lan_2_guest" -j zone_guest_dest_DROP -A zone_lan

Re: [LEDE-DEV] [PATCH] firewall: fix logging of dropped & rejected packets

2018-04-03 Thread Jo-Philipp Wich
Hi Alin, thanks for the patch. Unfortunately it definitely is too big for a simple "fix logging". Will take a deeper look at it later but from a first glance it does a few unrelated changes, renames chains and has some minor style deviations. Regards, Jo

[LEDE-DEV] [PATCH] firewall: fix logging of dropped & rejected packets

2018-04-03 Thread Alin Nastac
Reproduction scenario: - use 3 interfaces with 3 different zones - lan, wan and guest - configure firewall to allow forwarding from lan to wan - add DROP rule to prevent forwarding from lan to guest - although packets are forwarded from lan to wan, "DROP(dest guest)" traces are generated by zo