fw4: add support for zone log_limit

[project/firewall4.git] / root / usr / share / firewall4 / templates / zone-drop-invalid.uc

{%+ if (zone.masq ^ zone.masq6): -%}
        meta nfproto {{ fw4.nfproto(zone.masq ? 4 : 6) }} {%+ endif -%}
{%+ include("zone-match.uc", { egress: true, rule }) -%}
ct state invalid {%+ if ((zone.log & 1) && zone.log_limit): -%}
        limit name "{{ zone.name }}.log_limit" log prefix "drop {{ zone.name }} invalid ct state: "
                {%+ include("zone-drop-invalid.uc", { fw4, zone: { ...zone, log: 0 }, rule }) %}
{%+ else -%}
{%+  if (zone.counter): -%}
        counter {%+ endif -%}
{%+  if (zone.log & 1): -%}
        log prefix "drop {{ zone.name }} invalid ct state: " {%+ endif -%}
drop comment "!fw4: Prevent NAT leakage"
{%+ endif -%}