From f7de36d140394d012ee40c800733250a9615db32 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Thu, 8 Nov 2018 15:11:27 -0500
Subject: [PATCH 22/34] rich rules: allow catch-all log rules

Since we now support rich rule priorities it makes sense to allow
catch-all log rules if priority is specified. But disallow it for
priority==0.

(cherry picked from commit 8fafd9e840c5c4adca318c5c704702b6399fc0c9)
---
 src/firewall/core/rich.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py
index f0e4af54f32c..91f53fd94578 100644
--- a/src/firewall/core/rich.py
+++ b/src/firewall/core/rich.py
@@ -541,7 +541,8 @@ class Rich_Rule(object):
             raise FirewallError(errors.INVALID_PRIORITY, "'priority' attribute must be between %d and %d." \
                                                          % (self.priority_min, self.priority_max))
 
-        if self.element is None:
+        if self.element is None and \
+           (self.log is None or (self.log is not None and self.priority == 0)):
             if self.action is None:
                 raise FirewallError(errors.INVALID_RULE, "no element, no action")
             if self.source is None and self.destination is None and self.priority == 0:
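Review bot: The added condition on the `self.element is None` check is redundant: inside the `or`, `self.log is not None` is already implied, so `(self.log is None or self.priority == 0)` expresses the same test and is easier to audit. A short comment such as `# catch-all log rules are only allowed with a non-zero priority` would record why priority 0 is still rejected here. With this change, a rule that has a log, a non-zero priority and no element, source or destination skips this block entirely, so it matches and logs all traffic it sees. Whether a log limit is required or validated for such rules is not visible in this hunk, so it is worth confirming in the rest of the validation method, which starts and ends outside the hunk.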
-- 
2.18.0