default => 0,
optional => 1,
},
+ log_nf_conntrack => {
+ description => "Enable logging of conntrack information.",
+ type => 'boolean',
+ default => 0,
+ optional => 1
+ },
};
our $vm_option_properties = {
}
my @iptcmds;
- if ($rule->{log} && $rule->{log} ne 'nolog') {
- my $log = $rule->{log};
+ my $log = $rule->{log};
+ if (defined($log) && $log ne 'nolog') {
my $loglevel = $log_level_hash->{$log};
my $logaction = get_log_rule_base($chain, $vmid, $rule->{logmsg}, $loglevel);
push @iptcmds, "-A $chain $matchstr $logaction";
# Note: we use special format for prefix to pass further
# info to log daemon (VMID, LOGLEVEL and CHAIN)
- return "-m limit --limit 1/sec --limit-burst 1 -j NFLOG --nflog-prefix \":$vmid:$loglevel:$chain: $msg\"";
+ return "-m limit --limit 1/sec -j NFLOG --nflog-prefix \":$vmid:$loglevel:$chain: $msg\"";
}
sub ruleset_add_chain_policy {