Am I correct in thinking that within Luci, with my complex firewall rules, I cannot have just a single firewall rule log its firing? I have to either log everything or nothing?
I assume then, if I did it from the command line, such a thing is possible.
Such a requirement would be permanent and would be dire having to sift through many, many lines of log. If I am already denying some traffic, I do not need to be told about it.
April 13, 2023, 5:28pm
Is this about fw3 or fw4? iptables or nftables?
fw4/nftables. Found how to do it from the CLI, just not from within Luci.
April 13, 2023, 7:29pm
Is your solution top secret or can you tell us?
You can add `option log '1'` in the /etc/config/firewall definition of a rule, redirect or nat.
I assumed everyone knew... Just add "log" to each rule...
I looked at the web page describing that file, and it did not suggest that was possible against each individual rule.
April 14, 2023, 2:32pm
It might also be `option log "some string"` to specify a custom log message prefix instead of the autogenerated one.
April 14, 2023, 7:01pm
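To make the two variants concrete, here is an added example (not posted by anyone in this thread) of what the /etc/config/firewall sections look like on fw4: one rule logging with the autogenerated prefix, one with a custom prefix string. Rule names, addresses, ports and the prefix are made up; `log_limit` is assumed to be accepted as a per-rule option (it is documented for fw3 rules and is used here to keep syslog from being flooded).

```uci
# Added example, not from the thread. Two fw4 rules in /etc/config/firewall
# that log only their own matches. Names, addresses and ports are constructed.

# Variant 1: boolean log. fw4 generates the log prefix itself.
config rule
	option name 'Reject-telnet-from-wan'
	option src 'wan'
	option proto 'tcp'
	option dest_port '23'
	option target 'REJECT'
	option log '1'
	# Assumed to be a valid rule option (documented for fw3): rate-limit
	# the log entries so one scan cannot fill the ring buffer.
	option log_limit '10/minute'

# Variant 2: string log. The string is used verbatim as the nft log prefix,
# so these lines can be picked out of logread by that prefix.
config rule
	option name 'Drop-private-src-from-wan'
	option src 'wan'
	option src_ip '10.0.0.0/8'
	option target 'DROP'
	option log 'BOGON-WAN: '
```

After editing the file, apply it with `/etc/init.d/firewall reload` (or `fw4 reload`). Two checks are worth doing: `nft list ruleset | grep 'log prefix'` should show exactly the rules you marked and no others, which confirms that logging is per rule rather than global, and `logread -f` should then show only matches for those rules, tagged with either the generated prefix or your own string. Rules without `option log` keep denying silently, which is the behaviour asked for at the top of the thread.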
@jow @bib1963 @dave14305.
I'll test it and report back.
Yes, just adding `option log '1'` to a rule definition seems to work, but boy, is the firewall system a nightmare to configure. I've decided just to script it from entries read from a database. It just appears easier to update.
April 15, 2023, 8:00pm
I tested it with several rules (OpenWrt 22.03.3) and it really works. Great!