optimized logging of unsupported netfilter-rules

Author: superstes

src/firewall_test/plugins/system/firewall_netfilter.py

@@ -97,7 +97,7 @@ def matches(self, packet: (PacketIP, PacketTCPUDP, PacketICMP), rule: Rule) -> R
                 log_warn('Firewall Plugin', ' > Matches: Found not matches we could process - skipping rule')
 
             else:
-                log_debug('Firewall Plugin', f' > Matches: {nf_rule.get_match_types()} | Result: {results}')
+                log_debug('Firewall Plugin', f' > Match Results: {nf_rule.get_match_types()} => {results}')
 
                 return RuleMatchResult(
                     matched=all(results),

src/firewall_test/plugins/translate/netfilter/elements.py

@@ -341,6 +341,7 @@ def __repr__(self) -> str:
 class NftRule(NftBase):
     def __init__(self, table: NftTable, chain: NftChain, raw: dict, seq: int, sets: list[NftSet]):
         NftBase.__init__(self=self, raw=raw, table=table)
+        self.raw = raw
         self.chain = chain
         self.seq = seq
 

src/firewall_test/plugins/translate/netfilter/parse.py

@@ -83,7 +83,11 @@ def _parse_rules(self):
                     sets=self.sets,
                 )
                 if rule.invalid_matches:
-                    log_warn('Firewall Plugin', 'Got rule with unparsable matches - skipping')
+                    log_warn(
+                        'Firewall Plugin',
+                        v1=f'Unsupported rule: Table {rule.table.name}, Chain {rule.chain.name}, Rule {rule.seq}',
+                        v4=f' | {rule.raw}'
+                    )
 
                 else:
                     self.rules.append(rule)