From f7de36d140394d012ee40c800733250a9615db32 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 8 Nov 2018 15:11:27 -0500
Subject: [PATCH 22/34] rich rules: allow catch-all log rules
Since we now support rich rule priorities it makes sense to allow
catch-all log rules if priority is specified. But disallow it for
priority==0.
(cherry picked from commit 8fafd9e840c5c4adca318c5c704702b6399fc0c9)
---
src/firewall/core/rich.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
index f0e4af54f32c..91f53fd94578 100644
--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
@@ -541,7 +541,8 @@ class Rich_Rule(object):
raise FirewallError(errors.INVALID_PRIORITY, "'priority' attribute must be between %d and %d." \
% (self.priority_min, self.priority_max))
- if self.element is None:
+ if self.element is None and \
+ (self.log is None or (self.log is not None and self.priority == 0)):
if self.action is None:
raise FirewallError(errors.INVALID_RULE, "no element, no action")
if self.source is None and self.destination is None and self.priority == 0:
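Review bot: The added guard on `self.element is None` carries a redundant term: on the right of `self.log is None or ...` the log is already known to be set, so the test reduces to `if self.element is None and (self.log is None or self.priority == 0):`. A one-line comment above it would record the intent, for example `# a log-only rule without an element is accepted as a catch-all only when a non-zero priority is set`. With this change, a rule that has a log, a non-zero priority and no element skips both the "no element, no action" and the "no element, no source, no destination" checks. It can therefore log every packet it sees, so it is worth confirming that the code outside this hunk or the documentation steers such rules towards a log rate limit, to keep log volume bounded. The enclosing method starts and ends outside the hunk, so later validation of the log element is not visible here.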
--
2.18.0