From 6278ce9b7cb2060c8226a60ccbdb580a0d8a3fb5 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri
Date: Tue, 26 Dec 2023 19:19:10 -0600
Subject: firewall: T5834: Add support for default log for route policy

One can now do `set policy route foo default-log` which will add log to the policy route chain.
---
 data/templates/firewall/nftables-policy.j2 | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'data/templates/firewall')
diff --git a/data/templates/firewall/nftables-policy.j2 b/data/templates/firewall/nftables-policy.j2
index d77e3f6e9..9e28899b0 100644
--- a/data/templates/firewall/nftables-policy.j2
+++ b/data/templates/firewall/nftables-policy.j2
@@ -27,6 +27,9 @@ table ip vyos_mangle {
 {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
 {{ rule_conf | nft_rule('route', route_text, rule_id, 'ip') }}
 {% endfor %}
+{% endif %}
+{% if conf.default_log is vyos_defined %}
+ counter log prefix "[ipv4-{{ (route_text)[:19] }}-default]"
 {% endif %}
 }
 {% endfor %}
@@ -56,6 +59,9 @@ table ip6 vyos_mangle {
 {% for rule_id, rule_conf in conf.rule.items() if rule_conf.disable is not vyos_defined %}
 {{ rule_conf | nft_rule('route6', route_text, rule_id, 'ip6') }}
 {% endfor %}
+{% endif %}
+{% if conf.default_log is vyos_defined %}
+ counter log prefix "[ipv6-{{ (route_text)[:19] }}-default]"
 {% endif %}
 }
 {% endfor %}
--
cgit v1.2.3
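Review bot: The added `counter log prefix "[ipv4-…-default]"` rule, and its `ipv6` twin in the second hunk, logs every packet that falls through the chain with no rate limit, so log volume is set by whoever sends unmatched traffic and can crowd out other entries. Consider bounding it, for example `counter limit rate 10/second log prefix "[ipv4-{{ (route_text)[:19] }}-default]"` (the rate is a constructed example), or say in a template comment that default-log is deliberately unthrottled. The `[:19]` slice also makes policies whose names share their first 19 characters emit the same prefix, which deserves a `{# ... #}` comment because log parsing and alerting key on that prefix; `route_text` is set outside the hunk, so this assumes it is the policy name. The chain block and the `{% if %}` that the first added `{% endif %}` closes both begin outside the hunk.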