When enabling logging for a zone, logging is enabled in the filter and
mangle tables. The log rule in the mangle table enables mtu_fix logging,
which has the tendency to flood logs. Allow per-table log control by
making the log boolean a bit field that can be used to enable logging
in the filter and/or mangle tables.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
struct list_head cthelpers;
struct list_head cthelpers;
struct fw3_limit log_limit;
bool custom_chains;
struct fw3_limit log_limit;
bool custom_chains;
+enum fw3_zone_logmask {
+ FW3_ZONE_LOG_FILTER = (1 << 0),
+ FW3_ZONE_LOG_MANGLE = (1 << 1),
+};
+
const struct fw3_option fw3_zone_opts[] = {
FW3_OPT("enabled", bool, zone, enabled),
const struct fw3_option fw3_zone_opts[] = {
FW3_OPT("enabled", bool, zone, enabled),
FW3_OPT("mtu_fix", bool, zone, mtu_fix),
FW3_OPT("custom_chains", bool, zone, custom_chains),
FW3_OPT("mtu_fix", bool, zone, mtu_fix),
FW3_OPT("custom_chains", bool, zone, custom_chains),
- FW3_OPT("log", bool, zone, log),
+ FW3_OPT("log", int, zone, log),
FW3_OPT("log_limit", limit, zone, log_limit),
FW3_OPT("auto_helper", bool, zone, auto_helper),
FW3_OPT("log_limit", limit, zone, log_limit),
FW3_OPT("auto_helper", bool, zone, auto_helper),
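Review bot: Changing `log` from `bool` to `int` in `FW3_OPT("log", int, zone, log)` alters how existing configurations are interpreted, and nothing visible here handles that migration. A zone with log set to `1` now sets only `FW3_ZONE_LOG_FILTER`, so the MSSFIX log rule guarded by `zone->log & FW3_ZONE_LOG_MANGLE` is no longer emitted. If the int parser rejects the textual forms the bool parser accepted (inferred; the parsers are not shown), a value like `true` would leave `zone->log` at 0 and reject/drop logging would stop without an obvious error. Values outside 0–3 are also accepted unchecked, so I would mask or warn after parsing, e.g. `zone->log &= FW3_ZONE_LOG_FILTER | FW3_ZONE_LOG_MANGLE;`, and give the enum a comment such as `/* bits of the zone "log" option: filter-table logging, mangle-table (MSSFIX) logging */`. The matching type change of the struct field is not visible in this view and should be confirmed.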
+ if (zone->log & FW3_ZONE_LOG_MANGLE)
{
snprintf(buf, sizeof(buf) - 1, "MSSFIX(%s): ", zone->name);
{
snprintf(buf, sizeof(buf) - 1, "MSSFIX(%s): ", zone->name);
fw3_flag_names[zone->policy_output]);
fw3_ipt_rule_append(r, "zone_%s_output", zone->name);
fw3_flag_names[zone->policy_output]);
fw3_ipt_rule_append(r, "zone_%s_output", zone->name);
+ if (zone->log & FW3_ZONE_LOG_FILTER)
{
for (t = FW3_FLAG_REJECT; t <= FW3_FLAG_DROP; t++)
{
{
for (t = FW3_FLAG_REJECT; t <= FW3_FLAG_DROP; t++)
{