#18494: add option to ignore log for drop/reject firewall rules
-------------------------+------------------------
Reporter: luizluca@… | Owner: developers
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: packages | Version: Trunk
Keywords: |
-------------------------+------------------------
Hello,
OpenWRT allows to enable log for DROPped/REJECTed packages in a zone. This
is an interesting feature in order to monitor non-authorized access
attempts.
However, between all blocked traffic, there is some of them that is not
important (like some broadcast/multicast pkgs) in spite of being rejected.
For these known cases, it would be interesting to ignore the log in order
to keep log messages only for important cases.
OpenWRT firewall does not allow the user to disable log for a specific
traffic rule. It only enables it for all or no rules. It would be
interesting to have a log option for each rule with 3 possible states
(even for ACCEPT targets):
* option log yes
* option log no
* option log keep/default (the default log value if option is missing)
The first would log even if logging for this zone is disabled. The seconds
will ignore logging even if the zone logging is enabled and the last one
(default one), will respect what zone logging config is.
--
Ticket URL: <https://dev.openwrt.org/ticket/18494>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
