Remove redundant logging of packets passing the tap chain. master
authorChristian Ebner <c.ebner@proxmox.com>
Wed, 15 May 2019 15:09:13 +0000 (17:09 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 16 May 2019 07:55:16 +0000 (09:55 +0200)
Incomming and outgoing packets passing the firewall bridge were unneccessarily
logged, leading to double entries.
The first log entry occurred when passing the bridge, the second when the packets
fate was decided (ACCEPT/DROP/REJECT).

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
src/PVE/Firewall.pm

index f84e6d9..abcc1e8 100644 (file)
@@ -2387,10 +2387,10 @@ sub generate_tap_rules_direction {
     # plug the tap chain to bridge chain
     if ($direction eq 'IN') {
        ruleset_addrule($ruleset, "PVEFW-FWBR-IN",
-                       "-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain", $loglevel, 'FWBR-IN: ', $vmid);
+                       "-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain");
     } else {
        ruleset_addrule($ruleset, "PVEFW-FWBR-OUT",
-                       "-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain", $loglevel, 'FWBR-OUT: ', $vmid);
+                       "-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain");
     }
 }