Am Montag, den 18.09.2017, 13:34 +0200 schrieb Dietmar Maurer:
> >
> > With that in mind, I have no objections to this patch (or a version
> > of
> > it, see the inline comments below).
> But logging all Dropped package would produce an incredible amount of
> logs?
That's why I'd like to have a f
> On September 18, 2017 at 1:34 PM Dietmar Maurer wrote:
>
>
> > With that in mind, I have no objections to this patch (or a version of
> > it, see the inline comments below).
>
> But logging all Dropped package would produce an incredible amount of logs?
That's where the log level comes in.
Am Montag, den 18.09.2017, 12:21 +0200 schrieb Wolfgang Bumiller:
> Improving logging makes sense, the current state might be confuse for
> some (given that drop-rules simply generate a `-j DROP` iptables
> rules
> and therefore don't get logged).
> This seems to be a good first step, although I'd
> With that in mind, I have no objections to this patch (or a version of
> it, see the inline comments below).
But logging all Dropped package would produce an incredible amount of logs?
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.p
Improving logging makes sense, the current state might be confuse for
some (given that drop-rules simply generate a `-j DROP` iptables rules
and therefore don't get logged).
This seems to be a good first step, although I'd be much happier if
iptables would allow setting the log-prefix and performin
making ruleset generation aware of a match and action
part in iptable rules.
code will generate the same iptables as before! (except for
a few additional spaces between match and action).
---
src/PVE/Firewall.pm | 168 +++-
1 file changed, 99 inserti
