fix Razor macro

[pve-firewall.git] / src / PVE / Firewall.pm

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 5d6de8675f99eebc8b1929b9a8994b1a9a61271b..ba1cb5f5924af094fe647f98d40e2703eca96ff4 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -423,7 +423,7 @@ my $pve_fw_macros = {
     ],
     'Razor' => [
        "Razor Antispam System",
-       { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
+       { action => 'PARAM', proto => 'tcp', dport => '2703' },
     ],
     'Rdate' => [
        "Remote time retrieval (rdate)",
@@ -1248,6 +1248,12 @@ our $host_option_properties = {
        default => 0,
        optional => 1,
     },
+    log_nf_conntrack => {
+       description => "Enable logging of conntrack information.",
+       type => 'boolean',
+       default => 0,
+       optional => 1
+    },
 };
 
 our $vm_option_properties = {
@@ -2011,8 +2017,8 @@ sub ipt_rule_to_cmds {
     }
 
     my @iptcmds;
-    if ($rule->{log} && $rule->{log} ne 'nolog') {
-       my $log = $rule->{log};
+    my $log = $rule->{log};
+    if (defined($log) && $log ne 'nolog') {
        my $loglevel = $log_level_hash->{$log};
        my $logaction = get_log_rule_base($chain, $vmid, $rule->{logmsg}, $loglevel);
        push @iptcmds, "-A $chain $matchstr $logaction";