[Firehol-support] Per rule/interface logging
Phil Whineray
phil at firehol.org
Sat Nov 12 22:48:40 GMT 2016
On Sun, Nov 13, 2016 at 12:32:16AM +0200, Paul Roland wrote:
> I see, thank you for the information. I will look into ulogd how to
> shape the log.
> Meanwhile, could you please give me an example of a rule that drops
> but does not log. I can turn on logging anytime but for that interface
> it is not needed at all.
No rules log, unless you add the keyword to them, so overall the
solution would look something like this:
# syntax: interface <real-interface> <name>
interface eth0 myif
    client all accept
    server ssh accept
    server anystateless nolog drop
    # Logging happens implicitly for any packet that gets here in the
    # rules (none ever will now)
#next_interface_or_router
I used the anystateless service because it makes slightly fewer rules
in the generated table than "all" or "any" but it looks a little odd
because it demands an extra parameter to give it a name:
https://firehol.org/firehol-manual/firehol-services/#service-anystateless
Cheers
Phil