diff --git a/test/mandatory/log.json b/test/mandatory/log.json index 0db68b07810d237402abeddac287114c86b17ca2..d537977707f9c333b809115b80d1c441a9debd32 100644 --- a/test/mandatory/log.json +++ b/test/mandatory/log.json @@ -3,6 +3,10 @@ "none": { "mode": "none" }, "ulog": { "mode": "ulog", "limit": { "interval": 5 } } }, + "packet-log": [ + { "out": "_fw" }, + { "out": "_fw", "log": "ulog" } + ], "filter": [ {}, { "action": "drop" }, diff --git a/test/output/address/dump b/test/output/address/dump index ba2720e43354623f15b4dee1e7fdb5ace28807c5..8d1c9fa679e75f2904a05756dbbfb1867feed337 100644 --- a/test/output/address/dump +++ b/test/output/address/dump @@ -8044,6 +8044,16 @@ No-track 3 {"out":"_fw"} inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +Packet-log 1 {"out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 1/second -j LOG + inet6/filter/INPUT -m limit --limit 1/second -j LOG + +Packet-log 2 {"log":"ulog","out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 12/minute -j ULOG + + Service babel {"port":6697,"proto":"tcp"} (services) @@ -10191,6 +10201,8 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -13031,6 +13043,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/address/rules-save b/test/output/address/rules-save index d1595507fae00176eaa3bda9748d0cda6def0ed3..ab2db2e96a842980ac60c3f8afa145c02057b8f1 100644 --- a/test/output/address/rules-save +++ b/test/output/address/rules-save @@ -1937,6 +1937,8 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/address/rules6-save b/test/output/address/rules6-save index 837ae3f3876bbb6bfd9f793a4b2d1272549edb90..584f9e93c89ef5879af0e20c78e39fd1c2ecf2e1 100644 --- a/test/output/address/rules6-save +++ b/test/output/address/rules6-save @@ -559,6 +559,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/filter-limit/dump b/test/output/filter-limit/dump index 7679757fa3610761c78eb28242b893e3232f4542..abe06368cef3a0f3aaa0508c02590ac95862cf37 100644 --- a/test/output/filter-limit/dump +++ b/test/output/filter-limit/dump @@ -35774,6 +35774,16 @@ No-track 3 {"out":"_fw"} inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +Packet-log 1 {"out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 1/second -j LOG + inet6/filter/INPUT -m limit --limit 1/second -j LOG + +Packet-log 2 {"log":"ulog","out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 12/minute -j ULOG + + Service babel {"port":6697,"proto":"tcp"} (services) @@ -41445,6 +41455,8 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set -A INPUT -j limit-1886 @@ -59939,6 +59951,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j limit-1886 diff --git a/test/output/filter-limit/rules-save b/test/output/filter-limit/rules-save index 9741e924ebf9f07c6390218a4a41a428fdb92232..3f97755205c04e0664ccc87db8ae1212450f12a1 100644 --- a/test/output/filter-limit/rules-save +++ b/test/output/filter-limit/rules-save @@ -5461,6 +5461,8 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m recent --name user:B --rdest --mask 255.255.255.255 --set -A INPUT -m recent --name user:B --rsource --mask 255.255.255.255 --set -A INPUT -j limit-1886 diff --git a/test/output/filter-limit/rules6-save b/test/output/filter-limit/rules6-save index 83fc1ab6b08568d1373eaadae2f972f7dd06763d..f8161b33d8a255aa2e2983d7bb545a354ca8af11 100644 --- a/test/output/filter-limit/rules6-save +++ b/test/output/filter-limit/rules6-save @@ -5435,6 +5435,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m recent --name user:B --rdest --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -m recent --name user:B --rsource --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --set -A INPUT -j limit-1886 diff --git a/test/output/filter/dump b/test/output/filter/dump index 4af5e47065c511f69e8fdc351c076137d0368cca..87ed7ae2b98bf4b937a8da6772a2c122aafd508f 100644 --- a/test/output/filter/dump +++ b/test/output/filter/dump @@ -392,6 +392,16 @@ No-track 3 {"out":"_fw"} inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +Packet-log 1 {"out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 1/second -j LOG + inet6/filter/INPUT -m limit --limit 1/second -j LOG + +Packet-log 2 {"log":"ulog","out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 12/minute -j ULOG + + Service babel {"port":6697,"proto":"tcp"} (services) @@ -689,6 +699,8 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -867,6 +879,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/filter/rules-save b/test/output/filter/rules-save index eba30deb19efe663b80bea280408ba1ab2be3926..4edf399441aba4463685fb9b15637e37442aeaff 100644 --- a/test/output/filter/rules-save +++ b/test/output/filter/rules-save @@ -87,6 +87,8 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/filter/rules6-save b/test/output/filter/rules6-save index 674f83c10596311ed59f92e7879d5f3f67a5ed84..e242aa3ed28b9556bc226e08f24f1c6d8ac51fdf 100644 --- a/test/output/filter/rules6-save +++ b/test/output/filter/rules6-save @@ -61,6 +61,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/no-track/dump b/test/output/no-track/dump index 01b7bd0ec505b64ef98e63f82ee3f894002caaba..e5ef47ffcdc4e9e85deb16c0dd1e8ebbbca804ea 100644 --- a/test/output/no-track/dump +++ b/test/output/no-track/dump @@ -388,6 +388,16 @@ No-track 3 {"out":"_fw"} inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +Packet-log 1 {"out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 1/second -j LOG + inet6/filter/INPUT -m limit --limit 1/second -j LOG + +Packet-log 2 {"log":"ulog","out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 12/minute -j ULOG + + Service babel {"port":6697,"proto":"tcp"} (services) @@ -681,6 +691,8 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -863,6 +875,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/no-track/rules-save b/test/output/no-track/rules-save index c233d55ba48526fbe77eb92e82bd9bf0975aba5f..5955fb85b3de3ec8928346356adfc76738df76e7 100644 --- a/test/output/no-track/rules-save +++ b/test/output/no-track/rules-save @@ -83,6 +83,8 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/no-track/rules6-save b/test/output/no-track/rules6-save index 8a26bf3010b4bddbc43296738000dec2a9c3012b..93662c5dd39fe71c07b6c9749e7417b92d79c89b 100644 --- a/test/output/no-track/rules6-save +++ b/test/output/no-track/rules6-save @@ -51,6 +51,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/route-track/dump b/test/output/route-track/dump index f2ba8573a095f5e8c319d778573359f33a8a7fb4..350eaa0891ced72c79781f73b5bca125f8e3d3d8 100644 --- a/test/output/route-track/dump +++ b/test/output/route-track/dump @@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"} inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +Packet-log 1 {"out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 1/second -j LOG + inet6/filter/INPUT -m limit --limit 1/second -j LOG + +Packet-log 2 {"log":"ulog","out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 12/minute -j ULOG + + Route-track 1 {"mark":4} (route-track) inet/mangle/OUTPUT -m mark --mark 0 -j MARK --set-mark 4 @@ -621,6 +631,8 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -773,6 +785,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/route-track/rules-save b/test/output/route-track/rules-save index 3b9d6276cb9a685f449253c43ab9ae9ed85411cc..1036147c9cae9a5c114cbff60703dbec5a3166f4 100644 --- a/test/output/route-track/rules-save +++ b/test/output/route-track/rules-save @@ -77,6 +77,8 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/route-track/rules6-save b/test/output/route-track/rules6-save index 11dcec1614aa85de896de1eebbace23aaea3ca2e..e04f8071ff01138b1a89607c37862d102e4f83ce 100644 --- a/test/output/route-track/rules6-save +++ b/test/output/route-track/rules6-save @@ -51,6 +51,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/tproxy/dump b/test/output/tproxy/dump index 5dcdb32a177f646736baa324eb04dbe6304bfdd4..d255d605f40fb217ffe61ab7f097ee9dc5c4da74 100644 --- a/test/output/tproxy/dump +++ b/test/output/tproxy/dump @@ -322,6 +322,16 @@ No-track 3 {"out":"_fw"} inet6/raw/PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack +Packet-log 1 {"out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 1/second -j LOG + inet6/filter/INPUT -m limit --limit 1/second -j LOG + +Packet-log 2 {"log":"ulog","out":"_fw"} +(log) + inet/filter/INPUT -m limit --limit 12/minute -j ULOG + + Service babel {"port":6697,"proto":"tcp"} (services) @@ -615,6 +625,8 @@ hash:net family inet -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT @@ -766,6 +778,7 @@ COMMIT -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/tproxy/rules-save b/test/output/tproxy/rules-save index b948e2b00e0171fb650ad1bde979f558f734220f..b110446e3af002919380fda0f90bb8a0dc21c6d2 100644 --- a/test/output/tproxy/rules-save +++ b/test/output/tproxy/rules-save @@ -77,6 +77,8 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmp -j icmp-routing +-A INPUT -m limit --limit 12/minute -j ULOG +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT diff --git a/test/output/tproxy/rules6-save b/test/output/tproxy/rules6-save index 1a1847154fa43411868ef0df540dde7e077aca23..3de674a2a6ebc6620c04c7adb8a64a8c715935d4 100644 --- a/test/output/tproxy/rules6-save +++ b/test/output/tproxy/rules6-save @@ -51,6 +51,7 @@ -A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT -A FORWARD -p icmpv6 -j icmp-routing +-A INPUT -m limit --limit 1/second -j LOG -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j ACCEPT