From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 26 Feb 2014 12:00:43 +0000 (+0100)
Subject: use chains from previous commit to reduce logging
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=25c7b224a92c7eb81cabcdad67ec99b7fa124660

use chains from previous commit to reduce logging
---

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 081b350..ef9d136 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -846,11 +846,13 @@ sub generate_tap_rules_direction {
 	    ruleset_addrule($ruleset, $tapchain, "-j ACCEPT");
 	}
     } elsif ($policy eq 'DROP') {
+	ruleset_addrule($ruleset, $tapchain, "-j PVEFW-Drop");
 	ruleset_addrule($ruleset, $tapchain, "-j LOG --log-prefix \"$tapchain-dropped: \" --log-level 4");
 	ruleset_addrule($ruleset, $tapchain, "-j DROP");
     } elsif ($policy eq 'REJECT') {
+	ruleset_addrule($ruleset, $tapchain, "-j PVEFW-Reject");
 	ruleset_addrule($ruleset, $tapchain, "-j LOG --log-prefix \"$tapchain-reject: \" --log-level 4");
-	ruleset_addrule($ruleset, $tapchain, "-j REJECT");
+	ruleset_addrule($ruleset, $tapchain, "-g PVEFW-reject");
     } else {
 	# should not happen
 	die "internal error: unknown policy '$policy'";