+ my ($ruleset, $options) = @_;
+
+ my $loglevel = get_option_log_level($options, 'smurf_log_level');
+
+ # same as shorewall smurflog.
+ if (defined($loglevel)) {
+ $pve_std_chains-> {'PVEFW-smurflog'} = [
+ "-j LOG --log-prefix \"smurfs-dropped\" --log-level $loglevel",
+ "-j DROP",
+ ];
+ } else {
+ $pve_std_chains-> {'PVEFW-smurflog'} = [ "-j DROP" ];
+ }
+
+ # same as shorewall logflags action.
+ $loglevel = get_option_log_level($options, 'tcp_flags_log_level');
+ if (defined($loglevel)) {
+ $pve_std_chains-> {'PVEFW-logflags'} = [
+ "-j LOG --log-prefix \"logflags-dropped:\" --log-level $loglevel --log-ip-options",
+ "-j DROP",
+ ];
+ } else {
+ $pve_std_chains-> {'PVEFW-logflags'} = [ "-j DROP" ];
+ }