diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-07 20:48:13 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-10-09 22:15:21 +0200 |
| commit | 9ab63d484741b513894f16e4925f164f0264789c (patch) | |
| tree | 8d69bf3d2ffff17534d6d2226c6a105bfe4998bb /python | |
| parent | bb4901773df9682b67081dda5baf0cb39c742d1e (diff) | |
| download | vyos-1x-9ab63d484741b513894f16e4925f164f0264789c.tar.gz vyos-1x-9ab63d484741b513894f16e4925f164f0264789c.zip | |
firewall: T3907: Fix firewall state-policy logging
When log-level was introduced node `state-policy x log` was removed without migrator. This commit adds it back and improves log handling.
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/template.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py index 0870a0523..2a4135f9e 100644 --- a/python/vyos/template.py +++ b/python/vyos/template.py @@ -566,12 +566,17 @@ def nft_default_rule(fw_conf, fw_name, ipv6=False): return " ".join(output) @register_filter('nft_state_policy') -def nft_state_policy(conf, state, ipv6=False): +def nft_state_policy(conf, state): out = [f'ct state {state}'] - if 'log' in conf: - log_level = conf['log'] - out.append(f'log level {log_level}') + if 'log' in conf and 'enable' in conf['log']: + log_state = state[:3].upper() + log_action = (conf['action'] if 'action' in conf else 'accept')[:1].upper() + out.append(f'log prefix "[STATE-POLICY-{log_state}-{log_action}]"') + + if 'log_level' in conf: + log_level = conf['log_level'] + out.append(f'level {log_level}') out.append('counter') |