mirror of
https://github.com/qdm12/gluetun.git
synced 2026-05-10 04:30:20 +02:00
chore!(firewall): iptables logger level is set at FIREWALL_IPTABLES_LOG_LEVEL
- firewall log level is still fully controlled by `LOG_LEVEL` - iptables log level defaults to `info` even if global log level is `debug` to minimize the amount of debug logs - iptables log level is only set to debug if retro-compatible `FIREWALL_DEBUG=on` or if `FIREWALL_IPTABLES_LOG_LEVEL=debug`
This commit is contained in:
Quentin McGaw
@@ -15,7 +15,7 @@ type Firewall struct {
|
||||
InputPorts []uint16
|
||||
OutboundSubnets []netip.Prefix
|
||||
Enabled *bool
|
||||
Debug *bool
|
||||
Iptables Iptables
|
||||
}
|
||||
|
||||
func (f Firewall) validate() (err error) {
|
||||
@@ -33,6 +33,11 @@ func (f Firewall) validate() (err error) {
|
||||
}
|
||||
}
|
||||
|
||||
err = f.Iptables.validate()
|
||||
if err != nil {
|
||||
return fmt.Errorf("iptables settings: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -51,7 +56,7 @@ func (f *Firewall) copy() (copied Firewall) {
|
||||
InputPorts: gosettings.CopySlice(f.InputPorts),
|
||||
OutboundSubnets: gosettings.CopySlice(f.OutboundSubnets),
|
||||
Enabled: gosettings.CopyPointer(f.Enabled),
|
||||
Debug: gosettings.CopyPointer(f.Debug),
|
||||
Iptables: f.Iptables.copy(),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -63,12 +68,12 @@ func (f *Firewall) overrideWith(other Firewall) {
|
||||
f.InputPorts = gosettings.OverrideWithSlice(f.InputPorts, other.InputPorts)
|
||||
f.OutboundSubnets = gosettings.OverrideWithSlice(f.OutboundSubnets, other.OutboundSubnets)
|
||||
f.Enabled = gosettings.OverrideWithPointer(f.Enabled, other.Enabled)
|
||||
f.Debug = gosettings.OverrideWithPointer(f.Debug, other.Debug)
|
||||
f.Iptables.overrideWith(other.Iptables)
|
||||
}
|
||||
|
||||
func (f *Firewall) setDefaults() {
|
||||
func (f *Firewall) setDefaults(globalLogLevel string) {
|
||||
f.Enabled = gosettings.DefaultPointer(f.Enabled, true)
|
||||
f.Debug = gosettings.DefaultPointer(f.Debug, false)
|
||||
f.Iptables.setDefaults(globalLogLevel)
|
||||
}
|
||||
|
||||
func (f Firewall) String() string {
|
||||
@@ -83,9 +88,7 @@ func (f Firewall) toLinesNode() (node *gotree.Node) {
|
||||
return node
|
||||
}
|
||||
|
||||
if *f.Debug {
|
||||
node.Appendf("Debug mode: on")
|
||||
}
|
||||
node.AppendNode(f.Iptables.toLinesNode())
|
||||
|
||||
if len(f.VPNInputPorts) > 0 {
|
||||
vpnInputPortsNode := node.Appendf("VPN input ports:")
|
||||
@@ -133,9 +136,9 @@ func (f *Firewall) read(r *reader.Reader) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
f.Debug, err = r.BoolPtr("FIREWALL_DEBUG")
|
||||
err = f.Iptables.read(r)
|
||||
if err != nil {
|
||||
return err
|
||||
return fmt.Errorf("reading iptables settings: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
Reference in New Issue
Block a user