Sections of type `rule` and type `redirect` may now specify
`option log value` to enable logging matched traffic for the
corresponding rule/redirect.
The value may be either a string, in which case it is used as log prefix
verbatim or a boolean value (`1`, `on`, `true`, `yes`, `0`, `off`, `false`
or `no`).
In case a boolean false value is specified (the default), no logging is
performed. In case a true boolean value is specified, matched traffic is
logged and the rule's name (or uci section id i ncase the name is absent)
is used as log prefix.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
}} @{{ redirect.ipset.name }} {%+ endif -%}
{%+ if (redirect.counter): -%}
counter {%+ endif -%}
}} @{{ redirect.ipset.name }} {%+ endif -%}
{%+ if (redirect.counter): -%}
counter {%+ endif -%}
+{%+ if (redirect.log): -%}
+ log prefix {{ fw4.quote(redirect.log, true) }} {%+ endif -%}
{% if (redirect.target == "redirect"): -%}
redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %}
{%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%}
{% if (redirect.target == "redirect"): -%}
redirect{% if (redirect.rport): %} to {{ fw4.port(redirect.rport) }}{% endif %}
{%- elif (redirect.target == "accept" || redirect.target == "masquerade"): -%}
set_dscp: [ "dscp", null, NO_INVERT ],
counter: [ "bool", "1" ],
set_dscp: [ "dscp", null, NO_INVERT ],
counter: [ "bool", "1" ],
+ switch (this.parse_bool(rule.log)) {
+ case true:
+ rule.log = rule.name;
+ break;
+
+ case false:
+ delete rule.log;
+ }
+
let ipset;
if (rule.ipset) {
let ipset;
if (rule.ipset) {
reflection_zone: [ "zone_ref", null, PARSE_LIST ],
counter: [ "bool", "1" ],
reflection_zone: [ "zone_ref", null, PARSE_LIST ],
counter: [ "bool", "1" ],
target: [ "target", "dnat" ]
});
target: [ "target", "dnat" ]
});
+ switch (this.parse_bool(redir.log)) {
+ case true:
+ redir.log = redir.name;
+ break;
+
+ case false:
+ delete redir.log;
+ }
+
let ipset;
if (redir.ipset) {
let ipset;
if (redir.ipset) {
redir.dest.zone.dflags[redir.target] = true;
}
redir.dest.zone.dflags[redir.target] = true;
}
let add_rule = (family, proto, saddrs, daddrs, raddrs, sport, dport, rport, ipset, redir) => {
let r = {
...redir,
let add_rule = (family, proto, saddrs, daddrs, raddrs, sport, dport, rport, ipset, redir) => {
let r = {
...redir,
projects / project / firewall4.git / commitdiff