use chains from previous commit to reduce logging

author Dietmar Maurer <dietmar@proxmox.com>

Wed, 26 Feb 2014 12:00:43 +0000 (13:00 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Wed, 26 Feb 2014 12:00:43 +0000 (13:00 +0100)
author Dietmar Maurer <dietmar@proxmox.com>
Wed, 26 Feb 2014 12:00:43 +0000 (13:00 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Wed, 26 Feb 2014 12:00:43 +0000 (13:00 +0100)
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm

index 081b35098b3b7c4947391962fb9ff472f3d9f248..ef9d136d43058d83b912995bb65b4ea080a77daa 100644 (file)
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -846,11 +846,13 @@ sub generate_tap_rules_direction {
             ruleset_addrule($ruleset, $tapchain, "-j ACCEPT");
         }
      } elsif ($policy eq 'DROP') {
+       ruleset_addrule($ruleset, $tapchain, "-j PVEFW-Drop");
         ruleset_addrule($ruleset, $tapchain, "-j LOG --log-prefix \"$tapchain-dropped: \" --log-level 4");
         ruleset_addrule($ruleset, $tapchain, "-j DROP");
      } elsif ($policy eq 'REJECT') {
+       ruleset_addrule($ruleset, $tapchain, "-j PVEFW-Reject");
         ruleset_addrule($ruleset, $tapchain, "-j LOG --log-prefix \"$tapchain-reject: \" --log-level 4");
-       ruleset_addrule($ruleset, $tapchain, "-j REJECT");
+       ruleset_addrule($ruleset, $tapchain, "-g PVEFW-reject");
      } else {
         # should not happen
         die "internal error: unknown policy '$policy'";
author	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 26 Feb 2014 12:00:43 +0000 (13:00 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 26 Feb 2014 12:00:43 +0000 (13:00 +0100)