Remove redundant logging of packets passing the tap chain.

Incomming and outgoing packets passing the firewall bridge were unneccessarily
logged, leading to double entries.
The first log entry occurred when passing the bridge, the second when the packets
fate was decided (ACCEPT/DROP/REJECT).

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index f84e6d9b0852228e3f352b65b288913d3e702aa9..abcc1e858ebb34d87f262e90a45f40d971c4f987 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2387,10 +2387,10 @@ sub generate_tap_rules_direction {
     # plug the tap chain to bridge chain
     if ($direction eq 'IN') {
        ruleset_addrule($ruleset, "PVEFW-FWBR-IN",
-                       "-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain", $loglevel, 'FWBR-IN: ', $vmid);
+                       "-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain");
     } else {
        ruleset_addrule($ruleset, "PVEFW-FWBR-OUT",
-                       "-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain", $loglevel, 'FWBR-OUT: ', $vmid);
+                       "-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain");
     }
 }