From 468984d7cde4039143d3fc90bffc3eac2f2e05d1 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Tue, 26 Dec 2023 19:19:10 -0600
Subject: firewall: T5834: Add support for default log for route policy

One can now run `set policy route foo default-log`, which adds a log
rule to the policy route chain.

(cherry picked from commit 6278ce9b7cb2060c8226a60ccbdb580a0d8a3fb5)
---
 data/templates/firewall/nftables-policy.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'data')

diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2
index d77e3f6e9..9e28899b0 100644
--- a/data/templates/firewall/nftables-policy.j2
+++ b/data/templates/firewall/nftables-policy.j2
@@ -27,6 +27,9 @@ table ip vyos_mangle {
 {%             for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
         {{ rule_conf | nft_rule('route', route_text, rule_id, 'ip') }}
 {%             endfor %}
+{%         endif %}
+{%         if conf.default_log is vyos_defined %}
+        counter log prefix "[ipv4-{{ (route_text)[:19] }}-default]"
 {%         endif %}
     }
 {%     endfor %}
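Review bot: The added `counter log prefix "[ipv4-{{ (route_text)[:19] }}-default]"` line carries no rate limit, so with `default-log` set every packet that falls through to the end of the policy route chain writes a log entry; the `ipv6` line in the second hunk has the same shape. On a busy path this can flood the log and bury the entries an analyst needs, so consider bounding it, for example `counter limit rate 10/second log prefix "…"` (the rate is a constructed example), or documenting that per-packet logging is intended. Separately, `(route_text)[:19]` keeps only the first 19 characters of the name, so two policies sharing that leading part would log identical prefixes; a comment such as `{# name cut to 19 chars: policies sharing that leading part log the same prefix #}` above the line would make this visible. The `{% if %}` closed by the new `{% endif %}` opens outside the hunk, so its condition cannot be checked from here.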
@@ -56,6 +59,9 @@ table ip6 vyos_mangle {
 {%             for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
         {{ rule_conf | nft_rule('route6', route_text, rule_id, 'ip6') }}
 {%             endfor %}
+{%         endif %}
+{%         if conf.default_log is vyos_defined %}
+        counter log prefix "[ipv6-{{ (route_text)[:19] }}-default]"
 {%         endif %}
     }
 {%     endfor %}
-- 
cgit v1.2.3