public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-13 01:45:59 +00:00
Code Issues Releases Wiki Activity

netfilter: improve logging and mark iptables-legacy as deprecated

Browse Source
This commit is contained in:
DerLinkman
2025-10-09 16:37:05 +02:00
parent df4d3bb6e0
commit 417835dea8
4 changed files with 26 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
data/Dockerfiles/netfilter/docker-entrypoint.sh
View File

@@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
backend=iptables backend=nftables
nft list table ip filter &>/dev/null nft list table ip filter &>/dev/null
nftables_found=$? nftables_found=$?

5
data/Dockerfiles/netfilter/main.py
View File

@@ -449,6 +449,11 @@ if __name__ == '__main__':
tables = NFTables(chain_name, logger) tables = NFTables(chain_name, logger)
else: else:
logger.logInfo('Using IPTables backend') logger.logInfo('Using IPTables backend')
logger.logWarn(
"DEPRECATION: iptables-legacy is deprecated and will be removed in future releases. "
"Please switch to nftables on your host to ensure complete compatibility."
)
time.sleep(5)
tables = IPTables(chain_name, logger) tables = IPTables(chain_name, logger)
clear() clear()

26
data/Dockerfiles/netfilter/modules/Logger.py
View File

@@ -1,5 +1,6 @@
import time import time
import json import json
import datetime
class Logger: class Logger:
def __init__(self): def __init__(self):
@@ -8,17 +9,28 @@ class Logger:
def set_redis(self, redis): def set_redis(self, redis):
self.r = redis self.r = redis
def _format_timestamp(self):
# Local time with milliseconds
return datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
def log(self, priority, message): def log(self, priority, message):
tolog = {} # build redis-friendly dict
tolog['time'] = int(round(time.time())) tolog = {
tolog['priority'] = priority 'time': int(round(time.time())), # keep raw timestamp for Redis
tolog['message'] = message 'priority': priority,
print(message) 'message': message
}
# print human-readable message with timestamp
ts = self._format_timestamp()
print(f"{ts} {priority.upper()}: {message}", flush=True)
# also push JSON to Redis if connected
if self.r is not None: if self.r is not None:
try: try:
self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False)) self.r.lpush('NETFILTER_LOG', json.dumps(tolog, ensure_ascii=False))
except Exception as ex: except Exception as ex:
print('Failed logging to redis: %s' % (ex)) print(f'{ts} WARN: Failed logging to redis: {ex}', flush=True)
def logWarn(self, message): def logWarn(self, message):
self.log('warn', message) self.log('warn', message)
@@ -27,4 +39,4 @@ class Logger:
self.log('crit', message) self.log('crit', message)
def logInfo(self, message): def logInfo(self, message):
self.log('info', message) self.log('info', message)

2
docker-compose.yml
View File

@@ -502,7 +502,7 @@ services:
- acme - acme
netfilter-mailcow: netfilter-mailcow:
image: ghcr.io/mailcow/netfilter:1.62 image: ghcr.io/mailcow/netfilter:1.63
stop_grace_period: 30s stop_grace_period: 30s
restart: always restart: always
privileged: true privileged: true