summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-05-21 19:39:54 +0200
committerChristian Poessinger <christian@poessinger.com>2022-05-21 19:39:54 +0200
commite9669ec5c8ca6ee63e7eb80a1581911866147082 (patch)
tree756c6b3b7f656e90cc554187bc32645bd9789dbe /src
parent2bdcd70005660ca94468a30b921dcb8796e392c2 (diff)
downloadvyos-1x-e9669ec5c8ca6ee63e7eb80a1581911866147082.tar.gz
vyos-1x-e9669ec5c8ca6ee63e7eb80a1581911866147082.zip
flow-accounting: T4437: also install rule to IPv6 VYOS_CT_PREROUTING_HOOK
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/flow_accounting_conf.py3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/conf_mode/flow_accounting_conf.py b/src/conf_mode/flow_accounting_conf.py
index 7f7a98b04..9fc7e204a 100755
--- a/src/conf_mode/flow_accounting_conf.py
+++ b/src/conf_mode/flow_accounting_conf.py
@@ -109,6 +109,9 @@ def _nftables_config(configured_ifaces, direction, length=None):
iface_prefix = "o" if direction == "egress" else "i"
rule_definition = f'{iface_prefix}ifname "{iface}" counter log group 2 snaplen {length} queue-threshold 100 comment "FLOW_ACCOUNTING_RULE"'
nftable_commands.append(f'nft insert rule {nftables_table} {nftables_chain} {rule_definition}')
+ # Also add IPv6 ingres logging
+ if nftables_table == nftables_nflog_table:
+ nftable_commands.append(f'nft insert rule ip6 {nftables_table} {nftables_chain} {rule_definition}')
# change nftables
for command in nftable_commands: