Hi Jo,
The idea is to fix log issues created by chains such as these:
iptables -S zone_lan_forward
-A zone_lan_forward -m comment --comment "!fw3: user chain for
forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: drop_lan_2_guest" -j
zone_guest_dest_DROP
-A zone_lan
Hi Alin,
thanks for the patch.
Unfortunately it definitely is too big for a simple "fix logging". Will
take a deeper look at it later but from a first glance it does a few
unrelated changes, renames chains and has some minor style deviations.
Regards,
Jo
Reproduction scenario:
- use 3 interfaces with 3 different zones - lan, wan and guest
- configure firewall to allow forwarding from lan to wan
- add DROP rule to prevent forwarding from lan to guest
- although packets are forwarded from lan to wan, "DROP(dest guest)"
traces are generated by zo