diff options
author | Ermal <eri@pfsense.org> | 2014-05-27 13:34:14 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-05-27 13:34:14 +0000 |
commit | aa7ec4185ad49cadd1e287403abc9214bc326126 (patch) | |
tree | afe144a4ec31463794a149cf98a1d0d18e30f15b | |
parent | 1fd46d44c599886bf9490c85081ee4bdc2b30326 (diff) | |
download | pfsense-aa7ec4185ad49cadd1e287403abc9214bc326126.zip pfsense-aa7ec4185ad49cadd1e287403abc9214bc326126.tar.gz |
Make logging of pass rules opt-in rather than opt-out
-rw-r--r-- | etc/inc/filter.inc | 2 | ||||
-rw-r--r-- | usr/local/www/diag_logs_settings.php | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index ae11bbc..6526d44 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2625,7 +2625,7 @@ function filter_rules_generate() { $log = array(); if(!isset($config['syslog']['nologdefaultblock'])) $log['block'] = "log"; - if(!isset($config['syslog']['nologdefaultpass'])) + if(isset($config['syslog']['nologdefaultpass'])) $log['pass'] = "log"; $saved_tracker = $tracker; diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php index 07e6397..dc6d1c8 100644 --- a/usr/local/www/diag_logs_settings.php +++ b/usr/local/www/diag_logs_settings.php @@ -65,7 +65,7 @@ $pconfig['logall'] = isset($config['syslog']['logall']); $pconfig['system'] = isset($config['syslog']['system']); $pconfig['enable'] = isset($config['syslog']['enable']); $pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); -$pconfig['logdefaultpass'] = !isset($config['syslog']['nologdefaultpass']); +$pconfig['logdefaultpass'] = isset($config['syslog']['nologdefaultpass']); $pconfig['logbogons'] = !isset($config['syslog']['nologbogons']); $pconfig['logprivatenets'] = !isset($config['syslog']['nologprivatenets']); $pconfig['loglighttpd'] = !isset($config['syslog']['nologlighttpd']); @@ -144,7 +144,7 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; - $config['syslog']['nologdefaultpass'] = $_POST['logdefaultpass'] ? false : true; + $config['syslog']['nologdefaultpass'] = $_POST['logdefaultpass'] ? true : false; $config['syslog']['nologbogons'] = $_POST['logbogons'] ? false : true; $config['syslog']['nologprivatenets'] = $_POST['logprivatenets'] ? false : true; $config['syslog']['nologlighttpd'] = $_POST['loglighttpd'] ? false : true; @@ -316,7 +316,7 @@ function check_everything() { <br /> <input name="logdefaultpass" type="checkbox" id="logdefaultpass" value="yes" <?php if ($pconfig['logdefaultpass']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("Log packets matched from the default pass rules put in the ruleset");?></strong><br /> - <?=gettext("Hint: packets that are allowed by the implicit default pass rule will not be logged if you uncheck this option. Per-rule logging options are still respected.");?> + <?=gettext("Hint: packets that are allowed by the implicit default pass rule will be logged if you check this option. Per-rule logging options are still respected.");?> <br /> <input name="logbogons" type="checkbox" id="logbogons" value="yes" <?php if ($pconfig['logbogons']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("Log packets blocked by 'Block Bogon Networks' rules");?></strong><br /> |