When adding a firewall rule with action "DROP" and logging active, it is translated into an iptables rule like:

LOG all -- my.orange.ip.net/24 0.0.0.0/0 limit: ... prefix "FORWARDFW "
DROP all -- my.orange.ip.net/24 0.0.0.0/0

The log entry shown in the web interface does show the chain "FORWARDFW", but there is no indication that the packet has been dropped. Of course I could know about my rules, but who does always remember what he configured a month ago? It would be useful to add the action to the log also. For example:

LOG all -- my.orange.ip.net/24 0.0.0.0/0 limit: ... prefix "FORWARDFW:DROP "
Hm, this seems to be an aesthetic issue, isn't it?
(In reply to Peter Müller from comment #1)
> Hm, this seems to be an aesthetic issue, isn't it?

No, it isn't an aesthetic issue only. While watching /var/log/messages I did see some FORWARDFW log entries for a request which should be dropped. So I got frightened and started to analyse the iptables. After a while I've realized that the log entry was a DROP. -> The log entries are misleading and did cause a scare and work. And because the firewall rules are not versioned, you cannot analyze a firewall log from the past. You do not know whether the packet has been forwarded if you do not know the rules for this specific time. It would be a big improvement for traceability if the log would document the action taken. So IMHO it is a small change with a big win. Even for small environments like at home.
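As an added illustration, not part of this bug report or of the project's code: a small parser for the kernel LOG lines that reads the action out of the proposed "CHAIN:ACTION " prefix and marks lines carrying only the current "FORWARDFW " prefix as unknown, which is exactly the gap described in the two comments above when reviewing old logs. The log lines are constructed samples in the shape of iptables LOG output in /var/log/messages.

```python
import re

# Constructed sample lines: one with the current prefix (action not recorded),
# two with the proposed "CHAIN:ACTION " prefix.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: FORWARDFW IN=orange0 OUT=red0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=43210 DPT=25
Mar  3 10:15:02 fw kernel: FORWARDFW:DROP IN=orange0 OUT=red0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=43211 DPT=25
Mar  3 10:15:03 fw kernel: FORWARDFW:ACCEPT IN=green0 OUT=red0 SRC=192.0.2.20 DST=198.51.100.7 PROTO=UDP SPT=5353 DPT=53
"""

# The prefix is the first token after "kernel: "; an optional ":ACTION" suffix
# carries the verdict, as proposed in the report.
PREFIX_RE = re.compile(
    r"kernel: (?P<chain>[A-Z0-9_]+)(?::(?P<action>[A-Z]+))? (?P<fields>.*)$"
)


def parse_line(line):
    """Return chain, action (None if the old prefix format) and the KEY=VALUE fields."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    fields = {}
    for token in m.group("fields").split():
        # Flag-only tokens such as "SYN" or "DF" carry no value and are skipped.
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return {"chain": m.group("chain"), "action": m.group("action"), **fields}


def summarize(log_text):
    """Count log lines per (chain, action); old-format lines count as UNKNOWN."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["chain"], rec["action"] or "UNKNOWN")
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (chain, action), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{chain}:{action} {n}")
```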