add 'log_nf_conntrack' option description

[pve-firewall.git] / src / PVE / Firewall.pm

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 5d6de8675f99eebc8b1929b9a8994b1a9a61271b..f294d365545facc005c3a6195ba699eaf4674bce 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1248,6 +1248,12 @@ our $host_option_properties = {
        default => 0,
        optional => 1,
     },
+    log_nf_conntrack => {
+       description => "Enable logging of conntrack information.",
+       type => 'boolean',
+       default => 0,
+       optional => 1
+    },
 };
 
 our $vm_option_properties = {
@@ -2011,8 +2017,8 @@ sub ipt_rule_to_cmds {
     }
 
     my @iptcmds;
-    if ($rule->{log} && $rule->{log} ne 'nolog') {
-       my $log = $rule->{log};
+    my $log = $rule->{log};
+    if (defined($log) && $log ne 'nolog') {
        my $loglevel = $log_level_hash->{$log};
        my $logaction = get_log_rule_base($chain, $vmid, $rule->{logmsg}, $loglevel);
        push @iptcmds, "-A $chain $matchstr $logaction";