feat: added counter and log for dropped packages

NethServer · Nov 20, 2024 · bd2f4ad · bd2f4ad
1 parent 38ba89d
commit bd2f4ad
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/packages/ns-binding/files/ns-binding.py b/packages/ns-binding/files/ns-binding.py
@@ -53,17 +53,19 @@
         # if interface is not in one where the DHCP server is configured, allow DHCP queries and check with bindingListV4 for all rest
         chain input {{
             type filter hook input priority -110; policy drop;
-            ct state established,related counter accept
-            iifname != {{ {' , '.join(dhcp_interfaces)} }} counter accept
-            udp dport { 67, 68 } counter accept
+            ct state established,related accept
+            iifname != {{ {' , '.join(dhcp_interfaces)} }} accept
+            udp dport 67-68 accept
             ether saddr . ip saddr @bindingListV4 counter accept
+            log flags all prefix "input drop: " counter
         }}
         
         chain forward {{
             type filter hook forward priority -110; policy drop;
-            ct state established,related counter accept
-            iifname != {{ {' , '.join(dhcp_interfaces)} }} counter accept
+            ct state established,related accept
+            iifname != {{ {' , '.join(dhcp_interfaces)} }} accept
             ether saddr . ip saddr @bindingListV4 counter accept
+            log flags all prefix "forward drop: " counter
         }}
     }}
     """