diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-05-21 19:39:54 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2022-05-21 19:39:54 +0200 |
commit | e9669ec5c8ca6ee63e7eb80a1581911866147082 (patch) | |
tree | 756c6b3b7f656e90cc554187bc32645bd9789dbe | |
parent | 2bdcd70005660ca94468a30b921dcb8796e392c2 (diff) | |
download | vyos-1x-e9669ec5c8ca6ee63e7eb80a1581911866147082.tar.gz vyos-1x-e9669ec5c8ca6ee63e7eb80a1581911866147082.zip |
flow-accounting: T4437: also install rule to IPv6 VYOS_CT_PREROUTING_HOOK
-rwxr-xr-x | src/conf_mode/flow_accounting_conf.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py index 7f7a98b04..9fc7e204a 100755 --- a/src/conf_mode/flow_accounting_conf.py +++ b/src/conf_mode/flow_accounting_conf.py @@ -109,6 +109,9 @@ def _nftables_config(configured_ifaces, direction, length=None): iface_prefix = "o" if direction == "egress" else "i" rule_definition = f'{iface_prefix}ifname "{iface}" counter log group 2 snaplen {length} queue-threshold 100 comment "FLOW_ACCOUNTING_RULE"' nftable_commands.append(f'nft insert rule {nftables_table} {nftables_chain} {rule_definition}') + # Also add IPv6 ingres logging + if nftables_table == nftables_nflog_table: + nftable_commands.append(f'nft insert rule ip6 {nftables_table} {nftables_chain} {rule_definition}') # change nftables for command in nftable_commands: |