From a3ef503ed515752f7d1809c8c3238c0e4c7ce150 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Mon, 26 Feb 2018 23:06:03 +0100 Subject: [PATCH 1/1] zones: allow per-table log control When enabling logging for a zone, logging is enabled in the filter and mangle tables. The log rule in the mangle table enables mtu_fix logging, which has the tendency to flood logs. Allow per-table log control by making the log boolean a bit field that can be used to enabled logging in the filter and/or mangle tables. Signed-off-by: Stijn Tintel --- options.h | 2 +- zones.c | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/options.h b/options.h index 84bafed..2d10801 100644 --- a/options.h +++ b/options.h @@ -324,7 +324,7 @@ struct fw3_zone struct list_head cthelpers; - bool log; + int log; struct fw3_limit log_limit; bool custom_chains; diff --git a/zones.c b/zones.c index 7638443..9161983 100644 --- a/zones.c +++ b/zones.c @@ -53,6 +53,11 @@ static const struct fw3_chain_spec zone_chains[] = { { } }; +enum fw3_zone_logmask { + FW3_ZONE_LOG_FILTER = (1 << 0), + FW3_ZONE_LOG_MANGLE = (1 << 1), +}; + const struct fw3_option fw3_zone_opts[] = { FW3_OPT("enabled", bool, zone, enabled), @@ -79,7 +84,7 @@ const struct fw3_option fw3_zone_opts[] = { FW3_OPT("mtu_fix", bool, zone, mtu_fix), FW3_OPT("custom_chains", bool, zone, custom_chains), - FW3_OPT("log", bool, zone, log), + FW3_OPT("log", int, zone, log), FW3_OPT("log_limit", limit, zone, log_limit), FW3_OPT("auto_helper", bool, zone, auto_helper), @@ -496,7 +501,7 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, { if (zone->mtu_fix) { - if (zone->log) + if (zone->log & FW3_ZONE_LOG_MANGLE) { snprintf(buf, sizeof(buf) - 1, "MSSFIX(%s): ", zone->name); 
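Review bot: The field `int log;` in struct fw3_zone now holds a bitmask, but nothing at the declaration says so, and the bit values (`enum fw3_zone_logmask`) are defined only in zones.c where other translation units that read the struct cannot see them. I would annotate the field in place, `int log; /* bitmask: bit 0 = filter table, bit 1 = mangle table (FW3_ZONE_LOG_*) */`, or better move the enum into options.h next to the field so the legal values travel with the struct. An `unsigned` type would also make the intent clearer than `int`, since negative values have no meaning here. The struct definition begins and ends outside the hunk.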
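Review bot: The new `enum fw3_zone_logmask` defines two bits but no combined value and, as far as this patch shows, nothing rejects bits outside those two, so a configuration such as `option log 4` parses as an integer yet enables no log rule at all and zone logging is silently off. I would add `FW3_ZONE_LOG_ALL = FW3_ZONE_LOG_FILTER | FW3_ZONE_LOG_MANGLE` to the enum and, wherever zones are validated after parsing (not visible here), warn on `zone->log & ~FW3_ZONE_LOG_ALL` so a typo in a logging option is noticed rather than quietly dropping audit logs. A one-line comment on the enum stating that bit 0 controls the filter-table LOG rules and bit 1 the MSSFIX LOG rule in mangle would also help, since the names alone do not say which rule each bit gates.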
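Review bot: Changing `FW3_OPT("log", bool, ...)` to `int` silently changes behaviour for existing configurations, which the commit message does not call out. A zone that previously set `option log 1` keeps filter-table logging (bit 0) but loses MSSFIX logging; and if the `int` parser does not accept the spellings the `bool` parser took (`yes`, `on`, `true`), such configs presumably fail to parse and leave `zone->log` at 0, turning all zone logging off without any rule change the operator asked for. Since this is a loss of security logging rather than a crash, it is worth either keeping the boolean spellings working through a small custom option handler that maps true to `FW3_ZONE_LOG_FILTER`, or at minimum documenting the migration (new values 1, 2, 3) in the commit message and the option documentation.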
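Review bot: The condition `if (zone->log & FW3_ZONE_LOG_MANGLE)` carries a deliberate policy — MSSFIX logging is now opt-in because it floods logs, per the commit message — but that reasoning lives only in the commit text, so a later reader will not know why the two tables are gated separately. I would put it next to the test: `/* MSSFIX hits are chatty; only log them when the mangle bit is set explicitly */`. The enclosing print_interface_rule body starts and ends outside the hunk.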
@@ -629,7 +634,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, fw3_flag_names[zone->policy_output]); fw3_ipt_rule_append(r, "zone_%s_output", zone->name); - if (zone->log) + if (zone->log & FW3_ZONE_LOG_FILTER) { for (t = FW3_FLAG_REJECT; t <= FW3_FLAG_DROP; t++) { -- 2.11.0