Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set a customisable rate limit to the logging rules #22

Merged
merged 1 commit into from
Nov 29, 2020
Merged

Set a customisable rate limit to the logging rules #22

merged 1 commit into from
Nov 29, 2020

Conversation

nbarrientos
Copy link
Collaborator

As discussed in #19, this patch adds an extra variable to the main interface allowing to customise the rate limiting policy applied to the rules that log discarded traffic. By default, a limit is configured as follows:

chain INPUT {
...
limit rate 3/minute log prefix "[nftables] FORWARD Rejected: " flags all counter packets 0 bytes 0
...
}
# same for OUTPUT and FORWARD

Closes #19.

duritong
duritong requested changes Nov 24, 2020
View reviewed changes
Copy link
Collaborator

@duritong duritong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

except for the template LGTM

manifests/inet_filter.pp Outdated Show resolved Hide resolved
@duritong duritong requested a review from keachi November 24, 2020 15:21
@duritong
Copy link
Collaborator

@keachi PTAL

keachi
keachi approved these changes Nov 29, 2020
View reviewed changes
Copy link
Collaborator

@keachi keachi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@keachi keachi merged commit 902ceaa into voxpupuli:master Nov 29, 2020
@traylenator traylenator added the enhancement New feature or request label Dec 10, 2020
figless pushed a commit to figless/puppet-nftables that referenced this pull request Aug 25, 2021
@nbarrientos
Squashed 'code/' changes from d5a6153..72aad4a
d7e0c51 
72aad4a Merge pull request voxpupuli#28 from traylenator/simplify
902ceaa Merge pull request voxpupuli#22 from cernops/log_limit
300b738 Do not test nftables::rules repeatadly
b10c621 Set a customisable rate limit to the logging rules

git-subtree-dir: code
git-subtree-split: 72aad4a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keachi keachi keachi approved these changes

@duritong duritong duritong approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add an option to limit the rate of logged messages
4 participants
@nbarrientos @duritong @keachi @traylenator