vidhar: loglevels

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-01-06 23:05:39 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-01-06 23:05:39 +0100
commit: 0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb (patch)
tree: 4884ad615ea5934feaa4f357ee6aad369c734844 /hosts/vidhar/network
parent: 6d1976650051a5dea38412a9f06c6c637d3b900b (diff)
download: nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar
nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar.gz
nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar.bz2
nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar.xz
nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index bdd847db..980cbdc6 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -126,7 +126,7 @@ table inet filter {
    policy drop
-    ct state invalid log prefix "drop invalid forward: " counter name invalid-fw drop
+    ct state invalid log level notice prefix "drop invalid forward: " counter name invalid-fw drop
    iifname lo counter name fw-lo accept
@@ -138,8 +138,8 @@ table inet filter {
-    limit name lim_reject log prefix "drop forward: " counter name reject-ratelimit-fw drop
+    limit name lim_reject log level notice prefix "drop forward: " counter name reject-ratelimit-fw drop
-    log prefix "reject forward: " counter name reject-fw
+    log level info prefix "reject forward: " counter name reject-fw
    meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset
    ct state new counter name reject-icmp-fw reject
  }
@@ -149,7 +149,7 @@ table inet filter {
    policy drop
-    ct state invalid log prefix "drop invalid input: " counter name invalid-rx drop
+    ct state invalid log level notice prefix "drop invalid input: " counter name invalid-rx drop
    
    iifname lo counter name rx-lo accept
@@ -184,8 +184,8 @@ table inet filter {
    ct state {established, related} counter name established-rx accept
-    limit name lim_reject log prefix "drop input: " counter name reject-ratelimit-rx drop
+    limit name lim_reject log level notice prefix "drop input: " counter name reject-ratelimit-rx drop
-    log prefix "reject input: " counter name reject-rx
+    log level info prefix "reject input: " counter name reject-rx
    meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset
    ct state new counter name reject-icmp-rx reject
  }
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-01-06 23:05:39 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-01-06 23:05:39 +0100
commit	0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb (patch)
tree	4884ad615ea5934feaa4f357ee6aad369c734844 /hosts/vidhar/network
parent	6d1976650051a5dea38412a9f06c6c637d3b900b (diff)
download	nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar.gz nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar.bz2 nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.tar.xz nixos-0ba09e3cb005fe04550d744de0ddc7a4e85f8aeb.zip

diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index bdd847db..980cbdc6 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -126,7 +126,7 @@ table inet filter {
126	policy drop	126	policy drop
127		127
128		128
129	ct state invalid log prefix "drop invalid forward: " counter name invalid-fw drop	129	ct state invalid log level notice prefix "drop invalid forward: " counter name invalid-fw drop
130		130
131		131
132	iifname lo counter name fw-lo accept	132	iifname lo counter name fw-lo accept
@@ -138,8 +138,8 @@ table inet filter {
138		138
139		139
140		140
141	limit name lim_reject log prefix "drop forward: " counter name reject-ratelimit-fw drop	141	limit name lim_reject log level notice prefix "drop forward: " counter name reject-ratelimit-fw drop
142	log prefix "reject forward: " counter name reject-fw	142	log level info prefix "reject forward: " counter name reject-fw
143	meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset	143	meta l4proto tcp ct state new counter name reject-tcp-fw reject with tcp reset
144	ct state new counter name reject-icmp-fw reject	144	ct state new counter name reject-icmp-fw reject
145	}	145	}
@@ -149,7 +149,7 @@ table inet filter {
149	policy drop	149	policy drop
150		150
151		151
152	ct state invalid log prefix "drop invalid input: " counter name invalid-rx drop	152	ct state invalid log level notice prefix "drop invalid input: " counter name invalid-rx drop
153		153
154		154
155	iifname lo counter name rx-lo accept	155	iifname lo counter name rx-lo accept
@@ -184,8 +184,8 @@ table inet filter {
184	ct state {established, related} counter name established-rx accept	184	ct state {established, related} counter name established-rx accept
185		185
186		186
187	limit name lim_reject log prefix "drop input: " counter name reject-ratelimit-rx drop	187	limit name lim_reject log level notice prefix "drop input: " counter name reject-ratelimit-rx drop
188	log prefix "reject input: " counter name reject-rx	188	log level info prefix "reject input: " counter name reject-rx
189	meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset	189	meta l4proto tcp ct state new counter name reject-tcp-rx reject with tcp reset
190	ct state new counter name reject-icmp-rx reject	190	ct state new counter name reject-icmp-rx reject
191	}	191	}