Opened 3 years ago

#18494 new enhancement

add option to ignore log for drop/reject firewall rules

Reported by: luizluca@…
Owned by: developers
Priority: normal
Milestone:
Component: packages
Version: Trunk
Keywords:
Cc:

Description

Hello,

OpenWRT allows enabling logging for DROPped/REJECTed packets in a zone. This is an interesting feature for monitoring non-authorized access attempts.
However, among all the blocked traffic, some of it is not important (like some broadcast/multicast packets) in spite of being rejected. For these known cases, it would be interesting to ignore the log in order to keep log messages only for important cases.

The OpenWRT firewall does not allow the user to disable logging for a specific traffic rule. It only enables it for all rules or none. It would be interesting to have a log option for each rule with 3 possible states (even for ACCEPT targets):

  • option log yes
  • option log no
  • option log keep/default (the default log value if option is missing)

The first would log even if logging for this zone is disabled. The second would ignore logging even if zone logging is enabled, and the last one (the default) would respect whatever the zone logging config is.

Attachments (0)

Change History (0)
