improve firewall log format
parent
a9ea01428e
commit
87f6a31a06
1 changed files with 9 additions and 3 deletions
|
@ -97,7 +97,7 @@ in {
|
||||||
(accept "oifname \"int\" iifname \"ppp0\" ct state established,related")
|
(accept "oifname \"int\" iifname \"ppp0\" ct state established,related")
|
||||||
(accept "iifname \"int\" oifname \"ppp0\" ")
|
(accept "iifname \"int\" oifname \"ppp0\" ")
|
||||||
|
|
||||||
"log prefix \"denied forward-ip6 \""
|
"log prefix \"DENIED CHAIN=forward-ip6 \""
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ in {
|
||||||
# how does this even make sense in an input chain?
|
# how does this even make sense in an input chain?
|
||||||
(accept "oifname \"int\" iifname \"ppp0\" ct state established,related")
|
(accept "oifname \"int\" iifname \"ppp0\" ct state established,related")
|
||||||
(accept "iifname \"int\" oifname \"ppp0\" ")
|
(accept "iifname \"int\" oifname \"ppp0\" ")
|
||||||
"log prefix \"denied input-ip6 \""
|
"log prefix \"DENIED CHAIN=input-ip6 \""
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -174,6 +174,11 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# these chains are for rules that have to be present for things to
|
||||||
|
# basically work at all: for example, the router won't issue DHCP
|
||||||
|
# unless it's allowed to receive DHCP requests. For "site policy"
|
||||||
|
# rules you may prefer to use incoming-allowed-ip[46] instead
|
||||||
|
|
||||||
input-ip4-lan = {
|
input-ip4-lan = {
|
||||||
type = "filter";
|
type = "filter";
|
||||||
family = "ip";
|
family = "ip";
|
||||||
|
@ -203,6 +208,7 @@ in {
|
||||||
"iifname ppp0 jump input-ip4-wan"
|
"iifname ppp0 jump input-ip4-wan"
|
||||||
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
|
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
|
||||||
"ct state vmap established,related accept"
|
"ct state vmap established,related accept"
|
||||||
|
"log prefix \"DENIED CHAIN=input-ip4 \""
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -215,7 +221,7 @@ in {
|
||||||
"iifname \"int\" accept"
|
"iifname \"int\" accept"
|
||||||
"ct state vmap { established : accept, related : accept, invalid : drop }"
|
"ct state vmap { established : accept, related : accept, invalid : drop }"
|
||||||
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
|
"oifname \"int\" iifname \"ppp0\" jump incoming-allowed-ip4"
|
||||||
"log prefix \"denied forward-ip4 \""
|
"log prefix \"DENIED CHAIN=forward-ip4 \""
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
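Review bot: The new `"log prefix \"DENIED CHAIN=input-ip4 \""` rule at the end of the input-ip4 chain, like the reworded log rules in forward-ip6, input-ip6 and forward-ip4, logs every packet that reaches it with no rate limit, and these chains handle traffic arriving on `ppp0`. Sustained unsolicited traffic from the WAN side can then fill the kernel log and push out the messages an operator needs; putting a limit in front of the statement bounds that, e.g. `"limit rate 5/second log prefix \"DENIED CHAIN=input-ip4 \""` (rate chosen for illustration). The prefix also asserts DENIED, but no hunk shows a drop or reject statement or the chain policy, so whether a logged packet is really dropped depends on lines outside the diff. That is worth confirming and stating in a comment next to each log rule, such as `# falls through to the chain's drop policy`, once verified. The chain definitions begin and end outside the hunks shown.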