Skip to content

Commit 3dfe730

Browse files
superstessuperstes
committed
updated default logging-verbosity to include rule-match-action, renamed log-levels to match verbosity-numbers
1 parent 03b3dec commit 3dfe730

File tree

6 files changed

+105
-96
lines changed

6 files changed

+105
-96
lines changed

docs/source/dev/1_intro.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ To run the tests:
9999
# OR
100100
bash scripts/lint.sh
101101
102-
Any changes should be covered by tests. Plugins also have to implement unit-tests!
102+
Linter-failures should only be disabled if the code will be refactored anyway. (:code:`# pylint: disable=<CODE>`)
103103

104104
Debug Output
105105
************

docs/source/usage/3_run.rst

Lines changed: 47 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -79,31 +79,31 @@ Pass Example
7979
> 🛈 ROUTER: Packet inbound-interface: docker0
8080
> 🛈 ROUTER: Packet inbound-route: 172.17.0.0/16, scope link
8181
> 🛈 FIREWALL: Processing Chain: Table nat ip4 | Chain PREROUTING ip4 nat
82-
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0
82+
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0 | Match => jump
8383
> 🛈 FIREWALL: > Chain PREROUTING | Sub-Chain: DOCKER
84-
> 🛈 FIREWALL: > Chain DOCKER | Rule 0
84+
> 🛈 FIREWALL: > Chain DOCKER | Rule 0 | Match => return
8585
> 🛈 ROUTER: Packet outbound-interface: wan
8686
> 🛈 ROUTER: Packet outbound-route: 0.0.0.0/0, gw 10.255.255.254, metric 600, scope remote
8787
> 🛈 FIREWALL: Processing Chain: Table filter ip4 | Chain FORWARD ip4 filter
88-
> 🛈 FIREWALL: > Chain FORWARD | Rule 0
88+
> 🛈 FIREWALL: > Chain FORWARD | Rule 0 | Match => jump
8989
> 🛈 FIREWALL: > Chain FORWARD | Sub-Chain: DOCKER-USER
90-
> 🛈 FIREWALL: > Chain DOCKER-USER | Rule 0
91-
> 🛈 FIREWALL: > Chain FORWARD | Rule 1
90+
> 🛈 FIREWALL: > Chain DOCKER-USER | Rule 0 | Match => return
91+
> 🛈 FIREWALL: > Chain FORWARD | Rule 1 | Match => jump
9292
> 🛈 FIREWALL: > Chain FORWARD | Sub-Chain: DOCKER-FORWARD
93-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 0
93+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 0 | Match => jump
9494
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-CT
9595
> 🛈 FIREWALL: > Chain DOCKER-CT | Rule 0
96-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 1
96+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 1 | Match => jump
9797
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-ISOLATION-STAGE-1
98-
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-1 | Rule 0
98+
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-1 | Rule 0 | Match => jump
9999
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-1 | Sub-Chain: DOCKER-ISOLATION-STAGE-2
100100
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-2 | Rule 0
101-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 2
101+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 2 | Match => jump
102102
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-BRIDGE
103103
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Rule 0
104-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 3
104+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 3 | Match => accept
105105
> 🛈 FIREWALL: Processing Chain: Table nat ip4 | Chain POSTROUTING ip4 nat
106-
> 🛈 FIREWALL: > Chain POSTROUTING | Rule 0
106+
> 🛈 FIREWALL: > Chain POSTROUTING | Rule 0 | Match => snat
107107
> 🛈 FIREWALL: Performed SNAT
108108
> ✓ FIREWALL: Packet passed
109109
@@ -119,30 +119,30 @@ Block Example
119119
> 🛈 ROUTER: Packet inbound-interface: wan
120120
> 🛈 ROUTER: Packet inbound-route: 0.0.0.0/0, gw 10.255.255.254, metric 600, scope remote
121121
> 🛈 FIREWALL: Processing Chain: Table nat ip4 | Chain PREROUTING ip4 nat
122-
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0
122+
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0 | Match => jump
123123
> 🛈 FIREWALL: > Chain PREROUTING | Sub-Chain: DOCKER
124124
> 🛈 FIREWALL: > Chain DOCKER | Rule 0
125125
> 🛈 FIREWALL: > Chain DOCKER | Rule 1
126126
> 🛈 ROUTER: Packet outbound-interface: docker0
127127
> 🛈 ROUTER: Packet outbound-route: 172.17.0.0/16, scope link
128128
> 🛈 FIREWALL: Processing Chain: Table filter ip4 | Chain FORWARD ip4 filter
129-
> 🛈 FIREWALL: > Chain FORWARD | Rule 0
129+
> 🛈 FIREWALL: > Chain FORWARD | Rule 0 | Match => jump
130130
> 🛈 FIREWALL: > Chain FORWARD | Sub-Chain: DOCKER-USER
131-
> 🛈 FIREWALL: > Chain DOCKER-USER | Rule 0
132-
> 🛈 FIREWALL: > Chain FORWARD | Rule 1
131+
> 🛈 FIREWALL: > Chain DOCKER-USER | Rule 0 | Match => return
132+
> 🛈 FIREWALL: > Chain FORWARD | Rule 1 | Match => jump
133133
> 🛈 FIREWALL: > Chain FORWARD | Sub-Chain: DOCKER-FORWARD
134-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 0
134+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 0 | Match => jump
135135
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-CT
136-
> 🛈 FIREWALL: > Chain DOCKER-CT | Rule 0
137-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 1
136+
> 🛈 FIREWALL: > Chain DOCKER-CT | Rule 0 | Match => accept
137+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 1 | Match => jump
138138
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-ISOLATION-STAGE-1
139139
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-1 | Rule 0
140-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 2
140+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 2 | Match => jump
141141
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-BRIDGE
142-
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Rule 0
142+
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Rule 0 | Match => jump
143143
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Sub-Chain: DOCKER
144144
> 🛈 FIREWALL: > Chain DOCKER | Rule 0
145-
> 🛈 FIREWALL: > Chain DOCKER | Rule 1
145+
> 🛈 FIREWALL: > Chain DOCKER | Rule 1 | Match => drop
146146
> ✖ FIREWALL: Packet blocked by rule: {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
147147
148148
----
@@ -159,31 +159,39 @@ You can get more detailed output by increasing the verbosity:
159159
> 🛈 ROUTER: Packet inbound-interface: wan
160160
> 🛈 ROUTER: Packet inbound-route: 0.0.0.0/0, gw 10.255.255.254, metric 600, scope remote
161161
> 🛈 FIREWALL: Processing Chain: Table nat ip4 | Chain PREROUTING ip4 nat
162-
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0: {'action': 'jump', 'seq': 0, 'raw': Rule: #3 | Matches: []}
162+
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0 | Match => jump | {'action': 'jump', 'seq': 0, 'raw': Rule: #3 | Matches: []}
163163
> 🛈 FIREWALL: > Chain PREROUTING | Sub-Chain: DOCKER
164-
> 🛈 FIREWALL: > Chain DOCKER | Rule 0: {'action': 'return', 'seq': 0, 'raw': Rule: #10 | Matches: [ni_in == ['docker0']]}
165-
> 🛈 FIREWALL: > Chain DOCKER | Rule 1: {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
164+
> 🛈 FIREWALL: > Chain DOCKER | Rule 0 | {'action': 'return', 'seq': 0, 'raw': Rule: #10 | Matches: [ni_in == ['docker0']]}
165+
> 🛈 FIREWALL: > Chain DOCKER | Rule 1 | {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
166166
> 🛈 FIREWALL: Flow-type: forward
167167
> 🛈 ROUTER: Packet outbound-interface: docker0
168168
> 🛈 ROUTER: Packet outbound-route: 172.17.0.0/16, scope link
169169
> 🛈 FIREWALL: Processing Chain: Table filter ip4 | Chain FORWARD ip4 filter
170-
> 🛈 FIREWALL: > Chain FORWARD | Rule 0: {'action': 'jump', 'seq': 0, 'raw': Rule: #20 | Matches: []}
170+
> 🛈 FIREWALL: > Chain FORWARD | Rule 0 | Match => jump | {'action': 'jump', 'seq': 0, 'raw': Rule: #20 | Matches: []}
171171
> 🛈 FIREWALL: > Chain FORWARD | Sub-Chain: DOCKER-USER
172-
> 🛈 FIREWALL: > Chain DOCKER-USER | Rule 0: {'action': 'return', 'seq': 0, 'raw': Rule: #19 | Matches: []}
173-
> 🛈 FIREWALL: > Chain FORWARD | Rule 1: {'action': 'jump', 'seq': 1, 'raw': Rule: #8 | Matches: []}
172+
> 🛈 FIREWALL: > Chain DOCKER-USER | Rule 0 | Match => return | {'action': 'return', 'seq': 0, 'raw': Rule: #19 | Matches: []}
173+
> 🛈 FIREWALL: > Chain FORWARD | Rule 1 | Match => jump | {'action': 'jump', 'seq': 1, 'raw': Rule: #8 | Matches: []}
174174
> 🛈 FIREWALL: > Chain FORWARD | Sub-Chain: DOCKER-FORWARD
175-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 0: {'action': 'jump', 'seq': 0, 'raw': Rule: #11 | Matches: []}
175+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 0 | Match => jump | {'action': 'jump', 'seq': 0, 'raw': Rule: #11 | Matches: []}
176176
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-CT
177-
> 🛈 FIREWALL: > Chain DOCKER-CT | Rule 0: {'action': 'accept', 'seq': 0, 'raw': Rule: #23 | Matches: [ni_out == ['docker0']]}
178-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 1: {'action': 'jump', 'seq': 1, 'raw': Rule: #10 | Matches: []}
177+
> 🛈 FIREWALL: > Chain DOCKER-CT | Rule 0 | Match => accept | {'action': 'accept', 'seq': 0, 'raw': Rule: #23 | Matches: [ni_out == ['docker0']]}
178+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 1 | Match => jump | {'action': 'jump', 'seq': 1, 'raw': Rule: #10 | Matches: []}
179179
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-ISOLATION-STAGE-1
180-
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-1 | Rule 0: {'action': 'jump', 'seq': 0, 'raw': Rule: #25 | Matches: [ni_in == ['docker0'], ni_out != ['docker0']]}
181-
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 2: {'action': 'jump', 'seq': 2, 'raw': Rule: #9 | Matches: []}
180+
> 🛈 FIREWALL: > Chain DOCKER-ISOLATION-STAGE-1 | Rule 0 | {'action': 'jump', 'seq': 0, 'raw': Rule: #25 | Matches: [ni_in == ['docker0'], ni_out != ['docker0']]}
181+
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Rule 2 | Match => jump | {'action': 'jump', 'seq': 2, 'raw': Rule: #9 | Matches: []}
182182
> 🛈 FIREWALL: > Chain DOCKER-FORWARD | Sub-Chain: DOCKER-BRIDGE
183-
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Rule 0: {'action': 'jump', 'seq': 0, 'raw': Rule: #24 | Matches: [ni_out == ['docker0']]}
183+
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Rule 0 | Match => jump | {'action': 'jump', 'seq': 0, 'raw': Rule: #24 | Matches: [ni_out == ['docker0']]}
184184
> 🛈 FIREWALL: > Chain DOCKER-BRIDGE | Sub-Chain: DOCKER
185-
> 🛈 FIREWALL: > Chain DOCKER | Rule 0: {'action': 'return', 'seq': 0, 'raw': Rule: #10 | Matches: [ni_in == ['docker0']]}
186-
> 🛈 FIREWALL: > Chain DOCKER | Rule 1: {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
185+
> 🛈 FIREWALL: > Chain DOCKER | Rule 0 | {'action': 'return', 'seq': 0, 'raw': Rule: #10 | Matches: [ni_in == ['docker0']]}
186+
> 🛈 FIREWALL: > Chain DOCKER | Rule 1 | Match => drop | {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
187+
> ✖ FIREWALL: Packet blocked by rule: {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
188+
189+
Or run use the silent-mode:
190+
191+
.. code-block:: bash
192+
193+
ftf-cli ... --src-ip 10.0.0.1 --dst-ip 172.17.10.6 --verbosity silent
194+
187195
> ✖ FIREWALL: Packet blocked by rule: {'action': 'drop', 'seq': 1, 'raw': Rule: #22 | Matches: [ni_in != ['docker0'], ni_out == ['docker0']]}
188196
189197
----
@@ -197,13 +205,12 @@ Depending on the system-specific configuration traffic can be dropped by non-fir
197205
198206
ftf-cli ... --src-ip 172.17.11.5 --dst-ip 10.100.1.1
199207
200-
> 🛈 ROUTER: Packet inbound-interface: wan
201-
> 🛈 ROUTER: Packet inbound-route: 0.0.0.0/0, gw 10.255.255.254, metric 600, scope remote
208+
> 🛈 ROUTER: Packet inbound-interface: docker0
209+
> 🛈 ROUTER: Packet inbound-route: 172.17.0.0/16, scope link
202210
> 🛈 FIREWALL: Processing Chain: Table nat ip4 | Chain PREROUTING ip4 nat
203-
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0
211+
> 🛈 FIREWALL: > Chain PREROUTING | Rule 0 | Match => jump
204212
> 🛈 FIREWALL: > Chain PREROUTING | Sub-Chain: DOCKER
205-
> 🛈 FIREWALL: > Chain DOCKER | Rule 0
206-
> 🛈 FIREWALL: > Chain DOCKER | Rule 1
213+
> 🛈 FIREWALL: > Chain DOCKER | Rule 0 | Match => return
207214
> 🛈 ROUTER: Packet outbound-interface: wan
208215
> 🛈 ROUTER: Packet outbound-route: 0.0.0.0/0, gw 10.255.255.254, metric 600, scope remote
209216
> ✖ SYSTEM: Dropping traffic to WAN targeting bogons

scripts/cli.sh

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,4 @@ fi
1818

1919
cd "$(dirname "$0")/.."
2020

21-
export DEBUG=1
22-
2321
python3 src/firewall_test/cli.py --firewall-system 'linux_netfilter' --file-interfaces 'testdata/plugin_translate_linux_interfaces.json' --file-routes 'testdata/plugin_translate_linux_routes.json' --file-route-rules 'testdata/plugin_translate_linux_route-rules.json' --file-ruleset 'testdata/plugin_translate_netfilter_ruleset.json' --src-ip "$SRC" --dst-ip "$DST"

src/firewall_test/simulator/firewall.py

Lines changed: 36 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
from plugins.system.abstract_rule_match import RuleMatchResult
66
from plugins.translate.abstract import Ruleset, Table, Chain, Rule
77
from plugins.translate.config import RuleAction, RuleActionKindTerminal, RuleActionKindToChain, RuleActionContinue, \
8-
RuleActionKindTerminalKill, RuleActionGoTo, RuleActionKindNAT, RuleActionDNAT
8+
RuleActionKindTerminalKill, RuleActionGoTo, RuleActionKindNAT, RuleActionDNAT, RuleActionReturn
99
from simulator.packet import PACKET_KINDS, PacketTCPUDP
1010
from utils.logger import log_debug, log_info, log_warn
1111

@@ -15,19 +15,6 @@ def __init__(self, fw, run_tables):
1515
self._fw = fw
1616
self._run_tables = run_tables
1717

18-
@staticmethod
19-
def _log_rule_match(matches: bool, action: (None, RuleAction), debug: bool = False):
20-
msg = f' > Match: {matches}'
21-
22-
if action is not None:
23-
msg += f' | Action: {action.N}'
24-
25-
if debug:
26-
log_debug('Firewall', msg)
27-
28-
else:
29-
log_info('Firewall', v2=msg)
30-
3118
def _get_chain_by_name_and_family(self, packet: PACKET_KINDS, name: str, family: str) -> (Chain, None):
3219
for table in self._run_tables.get_tables(packet):
3320
for chain in self._run_tables.get_chains(packet=packet, table=table):
@@ -36,7 +23,20 @@ def _get_chain_by_name_and_family(self, packet: PACKET_KINDS, name: str, family:
3623

3724
return None
3825

39-
# pylint: disable=R0911
26+
def _log_match(self, chain: Chain, rule: Rule, debug: bool = False):
27+
lazy_action = ''
28+
if self._fw.system.FIREWALL_ACTION_LAZY and rule.action_lazy:
29+
lazy_action = ' (lazy)'
30+
31+
msg = f'> Chain {chain.name} | Rule {rule.seq} | Match => {rule.action.N}{lazy_action}'
32+
v2 = f' | {rule.dump()}'
33+
if debug:
34+
log_debug('Firewall', msg + v2)
35+
36+
else:
37+
log_info(label='Firewall', v1=msg, v2=v2)
38+
39+
# pylint: disable=R0911,R0912
4040
def process(self, chain: Chain, packet: PACKET_KINDS) -> (bool, (Rule, None)):
4141
"""
4242
:param chain: Firewall chain to process; if any rule has an action that targets another chain - it will also be processed
@@ -52,24 +52,28 @@ def process(self, chain: Chain, packet: PACKET_KINDS) -> (bool, (Rule, None)):
5252
lazy_rule: (None, Rule) = None
5353

5454
for rule in chain.rules:
55-
log_info(
56-
label='Firewall',
57-
v0=f'> Chain {chain.name} | Rule {rule.seq}',
58-
v1=f': {rule.dump()}'
59-
)
60-
6155
result: RuleMatchResult = rule_matcher.matches(packet=packet, rule=rule)
62-
requires_action = result.matched and result.action is not None
6356

64-
if not requires_action:
65-
self._log_rule_match(matches=result.matched, action=result.action, debug=True)
57+
if not result.matched:
58+
log_info(
59+
label='Firewall',
60+
v1=f'> Chain {chain.name} | Rule {rule.seq}',
61+
v2=f' | {rule.dump()}'
62+
)
63+
continue
64+
65+
elif result.action is None:
66+
self._log_match(chain=chain, rule=rule)
6667
continue
6768

68-
self._log_rule_match(matches=result.matched, action=result.action)
69+
self._log_match(chain=chain, rule=rule)
6970

7071
if result.action == RuleActionContinue:
7172
continue
7273

74+
if result.action == RuleActionReturn:
75+
return True, None
76+
7377
### ACCEPT / DENY / REJECT / ... ###
7478

7579
if issubclass(result.action, RuleActionKindTerminal):
@@ -107,8 +111,8 @@ def process(self, chain: Chain, packet: PACKET_KINDS) -> (bool, (Rule, None)):
107111

108112
log_info(
109113
label='Firewall',
110-
v0=f'> Chain {chain.name} | Sub-Chain: {target_chain.name}',
111-
v2=f' {target_chain.family.N} {target_chain.type}'
114+
v1=f'> Chain {chain.name} | Sub-Chain: {target_chain.name}',
115+
v3=f' {target_chain.family.N} {target_chain.type}'
112116
)
113117
target_chain.run_table = chain.run_table
114118
jump_result, jump_rule = self.process(chain=target_chain, packet=packet)
@@ -449,7 +453,7 @@ def __init__(self, system: type[FirewallSystem], ruleset: Ruleset):
449453
self._run_tables = RunFirewallTables(self)
450454

451455
def process_pre_routing(self, packet: PACKET_KINDS, flow: type[Flow]) -> (bool, (Rule, None)):
452-
log_info('Firewall', v2='Processing Pre-Routing Filter-Hooks')
456+
log_info('Firewall', v3='Processing Pre-Routing Filter-Hooks')
453457
if flow == FlowInputForward:
454458
# before DNAT we cannot know for sure
455459
flow = FlowInput
@@ -465,12 +469,12 @@ def process_dnat(self, packet: PACKET_KINDS, flow: type[Flow]) -> (bool, (Rule,
465469
# system or flow has no DNAT capability
466470
return False, None
467471

468-
log_info('Firewall', v2='Processing DNAT')
472+
log_info('Firewall', v3='Processing DNAT')
469473

470474
return self._run_tables.process_dnat(packet=packet, flow=flow)
471475

472476
def process_main(self, packet: PACKET_KINDS, flow: type[Flow]) -> (bool, (Rule, None)):
473-
log_info('Firewall', v2='Processing Main Filter-Hooks')
477+
log_info('Firewall', v3='Processing Main Filter-Hooks')
474478

475479
return self._run_tables.process_main(packet=packet, flow=flow)
476480

@@ -479,7 +483,7 @@ def process_snat(self, packet: PACKET_KINDS, flow: type[Flow]) -> (bool, (Rule,
479483
# system or flow has no SNAT capability
480484
return False, None
481485

482-
log_info('Firewall', v2='Processing SNAT')
486+
log_info('Firewall', v3='Processing SNAT')
483487

484488
return self._run_tables.process_snat(packet=packet, flow=flow)
485489

@@ -488,6 +492,6 @@ def process_egress(self, packet: PACKET_KINDS, flow: type[Flow]) -> (bool, (Rule
488492
# already processed all chains
489493
return True, None
490494

491-
log_info('Firewall', v2='Processing Egress Filter-Hooks')
495+
log_info('Firewall', v3='Processing Egress Filter-Hooks')
492496

493497
return self._run_tables.process_egress(packet=packet, flow=flow)

0 commit comments

Comments
 (0)