From patchwork Sun Jan 21 11:45:51 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 7476
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4THs4m2kSQz3wmD
	for <patchwork@web04.haj.ipfire.org>; Sun, 21 Jan 2024 11:46:16 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4THs4k1Jy7z22G;
	Sun, 21 Jan 2024 11:46:14 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4THs4k0lNLz307F;
	Sun, 21 Jan 2024 11:46:14 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4THs4W30tXz300V
	for <development@lists.ipfire.org>; Sun, 21 Jan 2024 11:46:03 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4THs4W1Sp4zq1;
	Sun, 21 Jan 2024 11:46:03 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1705837563;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ug8Lc3/F961jEPXh1JMJzuliCY9OJBA0gRJzifT1J5k=;
	b=DM2LWfz830lQRT5JususCpKDp0AwearszdKURv0+9R9EKgF61gFXJowtdihou30LKSi8xs
	5s6XhOX2rVFnKeBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1705837563;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ug8Lc3/F961jEPXh1JMJzuliCY9OJBA0gRJzifT1J5k=;
	b=VuYEHFzCFsHA42/nJ8Nc6arqlrb0nQMD8ORMf+KleATv3jzTkCfb8PHVKs3LX+Wt3IRCOi
	JhVPlLgj0GIRFmh8nVdTc9Br/pzHWDa2cpVvIIV4de2AZi04QYqWT7FO5nl84Cs+bdp4JG
	7NGLcdRG0eDQXlI+Dw8K7enWQKSCN6hhLSwxAga2KlifEcABhyCinHglsheCq7Noh6xbuy
	xkBLu2ewvcU7IicJctJoCxB4NL5O3FjU7xDfcZ0ByjAvsvKIdCXJkMNZC102Y/YPpKVWnp
	SXd2nXQ6FuEB36X3cMtRqNYZzkdkrX7vqnPapoHPbhOjRn3QSk5AihehdyKtOg==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH v3 5/7] collectd.conf: Fix bug12981 - This creates in and out
 drop hostile data collection
Date: Sun, 21 Jan 2024 12:45:51 +0100
Message-ID: <20240121114553.5182-5-adolf.belka@ipfire.org>
In-Reply-To: <20240121114553.5182-1-adolf.belka@ipfire.org>
References: <20240121114553.5182-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: 65O6NDZKTEFZED2UV6LMH2RSHY6D75DK
X-Message-ID-Hash: 65O6NDZKTEFZED2UV6LMH2RSHY6D75DK
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/65O6NDZKTEFZED2UV6LMH2RSHY6D75DK/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- In this v3 version of the patch set the splitting of drop hostile logging into incoming
   and outgoing logging means that the data collection and graphs need to have drop hostile
   also split into incoming and outgoing.

Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/collectd/collectd.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf
index 4ef34ea07..cc49f0ba7 100644
--- a/config/collectd/collectd.conf
+++ b/config/collectd/collectd.conf
@@ -51,7 +51,8 @@ include "/etc/collectd.precache"
 	Chain filter POLICYOUT DROP_OUTPUT
 	Chain filter POLICYIN DROP_INPUT
 	Chain filter SPOOFED_MARTIAN DROP_SPOOFED_MARTIAN
-	Chain filter HOSTILE_DROP DROP_HOSTILE
+	Chain filter HOSTILE_DROP_IN DROP_HOSTILE
+	Chain filter HOSTILE_DROP_OUT DROP_HOSTILE
 </Plugin>
 
 #<Plugin logfile>