From 73b78e5efba1c8a919d901549a7c273f04856f7c Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Tue, 19 Mar 2019 14:46:40 +0100 Subject: [PATCH] =?UTF-8?q?followup=20f=C3=ADxes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Lamprecht --- pve-firewall.adoc | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/pve-firewall.adoc b/pve-firewall.adoc index 555e90e..69ababb 100644 --- a/pve-firewall.adoc +++ b/pve-firewall.adoc @@ -415,27 +415,22 @@ Logging of dropped packets is rate limited to 1 packet per second in order to reduce output to the log file. Further, only some dropped or rejected packets are logged for the standard rules. +// TODO: describe standard/default rules and note which of them get logged + In order to log packets filtered by user-defined firewall rules, it is possible to set a log-level parameter for each rule individually. This allows to log in a fine grained manner and independent of the log-level -defined for the standard rules. -In particular, each rule is logged independently from the log-level set for the -standard rules in the firewall `Options`. +defined for the standard rules in the firewall `Options`. The log level for the rule can also be set via the firewall configuration file by appending a `-log ` to the selected rule. -Here, `` is one of the following flags, attached to the log output: +Here, `` is one of the following flags: `nolog, emerg, alert, crit, err, warning, notice, info, debug` -For example: +For example, the following two are ident: ---- IN REJECT -p icmp -log nolog ----- - -is the same as - ----- IN REJECT -p icmp ----
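Review bot: In the added line "For example, the following two are ident:", "ident" is a truncated word; write "identical" or "equivalent". Merging the two listings into one block also means `IN REJECT -p icmp -log nolog` and `IN REJECT -p icmp` now read like two consecutive rules from one configuration file rather than two spellings of the same rule, so the lead-in sentence has to carry that meaning on its own. Consider wording such as "the following two rules are equivalent, since `nolog` is the default". Separately, the reworded line "Here, `` is one of the following flags:" and the unchanged "appending a `-log `" both show an empty placeholder in this rendering; if the placeholder name is missing in the source as well, it should be restored so the reader knows what follows `-log`. The new TODO about standard rules is fine as a source comment, but the sentence above it ("only some dropped or rejected packets are logged for the standard rules") still leaves readers unable to tell which drops will be absent from the log, which matters when the firewall log is used for troubleshooting or detection.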