Merge pull request #1575 from sarthurdev/firewall_state_log

firewall: T3907: Fix firewall state-policy logging
author: Christian Poessinger <christian@poessinger.com> 2022-10-10 08:52:37 +0200
committer: GitHub <noreply@github.com> 2022-10-10 08:52:37 +0200
commit: 8bd4c4136a248eebdd6d59f8132d394cc1033c29 (patch)
tree: 7e73625589fe055f43fcb3d7c6de89be31463dc7 /python
parent: 72c97ec2cb868b6208621566678dd42791e8e5c7 (diff)
parent: 9ab63d484741b513894f16e4925f164f0264789c (diff)
download: vyos-1x-8bd4c4136a248eebdd6d59f8132d394cc1033c29.tar.gz
vyos-1x-8bd4c4136a248eebdd6d59f8132d394cc1033c29.zip
1 files changed, 9 insertions, 4 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 0870a0523..2a4135f9e 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -566,12 +566,17 @@ def nft_default_rule(fw_conf, fw_name, ipv6=False):
     return " ".join(output)
 
 @register_filter('nft_state_policy')
-def nft_state_policy(conf, state, ipv6=False):
+def nft_state_policy(conf, state):
     out = [f'ct state {state}']
 
-    if 'log' in conf:
-        log_level = conf['log']
-        out.append(f'log level {log_level}')
+    if 'log' in conf and 'enable' in conf['log']:
+        log_state = state[:3].upper()
+        log_action = (conf['action'] if 'action' in conf else 'accept')[:1].upper()
+        out.append(f'log prefix "[STATE-POLICY-{log_state}-{log_action}]"')
+
+        if 'log_level' in conf:
+            log_level = conf['log_level']
+            out.append(f'level {log_level}')
 
     out.append('counter')
author	Christian Poessinger <christian@poessinger.com>	2022-10-10 08:52:37 +0200
committer	GitHub <noreply@github.com>	2022-10-10 08:52:37 +0200
commit	8bd4c4136a248eebdd6d59f8132d394cc1033c29 (patch)
tree	7e73625589fe055f43fcb3d7c6de89be31463dc7 /python
parent	72c97ec2cb868b6208621566678dd42791e8e5c7 (diff)
parent	9ab63d484741b513894f16e4925f164f0264789c (diff)
download	vyos-1x-8bd4c4136a248eebdd6d59f8132d394cc1033c29.tar.gz vyos-1x-8bd4c4136a248eebdd6d59f8132d394cc1033c29.zip