Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
reduce output to the log file.
Further, only some dropped or rejected packets are logged for the standard rules.
reduce output to the log file.
Further, only some dropped or rejected packets are logged for the standard rules.
+// TODO: describe standard/default rules and note which of them get logged
+
In order to log packets filtered by user-defined firewall rules, it is possible
to set a log-level parameter for each rule individually.
This allows to log in a fine grained manner and independent of the log-level
In order to log packets filtered by user-defined firewall rules, it is possible
to set a log-level parameter for each rule individually.
This allows to log in a fine grained manner and independent of the log-level
-defined for the standard rules.
-In particular, each rule is logged independently from the log-level set for the
-standard rules in the firewall `Options`.
+defined for the standard rules in the firewall `Options`.
The log level for the rule can also be set via the firewall configuration file by
appending a `-log <loglevel>` to the selected rule.
The log level for the rule can also be set via the firewall configuration file by
appending a `-log <loglevel>` to the selected rule.
-Here, `<loglevel>` is one of the following flags, attached to the log output:
+Here, `<loglevel>` is one of the following flags:
`nolog, emerg, alert, crit, err, warning, notice, info, debug`
`nolog, emerg, alert, crit, err, warning, notice, info, debug`
+For example, the following two are ident:
----
IN REJECT -p icmp -log nolog
----
IN REJECT -p icmp -log nolog
-----
-
-is the same as
-
-----
projects / pve-docs.git / commitdiff