>>BTW, are you sure that's it's only limiting logging ? What happen on an >>ACCEPT log for example ? sorry, respond to my myself, it's only applied on -j LOG, so it's ok.
----- Mail original ----- De: "aderumier" <aderum...@odiso.com> À: "pve-devel" <pve-devel@pve.proxmox.com> Envoyé: Mardi 19 Mars 2019 16:09:56 Objet: Re: [pve-devel] applied: [RFC v2 firewall 1/1] fix: #2123 Logging of user defined firewall rules Hi, Nice work ! Could we have an option to disable rate limit or configure it (host option for example) The patch change the current behaviour on default vm log action, where we don't have limit currently. (and I really need to log all dropped/reject) BTW, are you sure that's it's only limiting logging ? What happen on an ACCEPT log for example ? Alexandre ----- Mail original ----- De: "Thomas Lamprecht" <t.lampre...@proxmox.com> À: "pve-devel" <pve-devel@pve.proxmox.com>, "Christian Ebner" <c.eb...@proxmox.com> Envoyé: Mardi 19 Mars 2019 14:40:22 Objet: [pve-devel] applied: [RFC v2 firewall 1/1] fix: #2123 Logging of user defined firewall rules On 3/18/19 5:05 PM, Christian Ebner wrote: > This allows a user to log traffic filtered by a self defined firewall rule. > Therefore the API is extended to include a 'log' option allow to specify the > log level for each rule individually. > > The 'log' option can also be specified in the fw config. In order to reduce > the > log amount, logging is limited to 1 entry per second. > > For now the rule has to be created or edited via the pvesh API call or via > the > firewall config in order to set the log level. > > Signed-off-by: Christian Ebner <c.eb...@proxmox.com> > --- > > Version 2: > * Added missing $logmsg to PVEFW-FWBRR-IN and PVEFW-FWBR-OUT rules > * Added '--limit-burst 1' to rate limit NFLOG to 1 packet per second > > src/PVE/API2/Firewall/Rules.pm | 3 ++ > src/PVE/Firewall.pm | 63 +++++++++++++++++++++++++----------------- > 2 files changed, 40 insertions(+), 26 deletions(-) > applied, with a followup to change the burst limit back to the default of 5. Thanks! _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel