In Log, is it very difficult to add a "rule name"?

Continuing the discussion from Firewall Rule Name for logging:

Hello together,

I would support this for usability/ergonomic reasons.

Is it very difficult to implement additionally logging a "rule name", and also whether it’s an ALLOW or a DENY rule that is hit!?

Kind regards
Alex

Hello again,

I’m not an experienced IPFire or Linux user, but I just dug a little bit deeper and changed the log prefix in /usr/lib/firewall/rules.pl in line 603.

I changed it from '$chain' to '$chain\_$key' and now I get the rule number in the logging.

I checked the CGIs to not break anything, but haven’t found anything yet.
Messages and also iptables -L seem fine.

Can one of the developers confirm that this 'patch' doesn’t break anything important?

Thanks and kind regards
Alex

1 Like

Just being curious: since line 603 in /usr/lib/firewall/rules.pl (Core 174) is actually empty - which line(s) exactly did you change?

Best,
Matthias

2 Likes

Hello Matthias,

Sorry - it could also be line 602 - I used vi (-:
Find attached a screenshot of what was added and how it looks in the logging…

(Sure, that’s not perfect, and I would wish for some real integration, but at the moment it’s okay for me to find the rules which have been hit …)

regards
alex


1 Like

maybe line 606.

I do like what you added!

1 Like

ah… yes - thanks @Jon
it’s 606

I didn’t get that @mfischer linked to git…

The problem with this is that every time the rules change in order, the corresponding log entry changes as well… so it’s not for history…