
#26 Configurable logging for policy action

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2005-01-02
Created: 2005-01-02
Private: No

Currently firehol logs all packets dropped by my policy
for the interface (interface eth0, policy drop)

It would be great to add an option to the policy command
so that one could disable logging.
Logging this information is in most cases only useful
when debugging the firewall!

So I would like to see the firehol language extended so
that the following is possible:

interface eth0
policy drop log "Drop-debug eth0"

service http accept

interface eth1
policy drop

service ssh accept

interface eth2
policy reject
service http accept
service ftp accept
...

With the configuration given here packets dropped by
policy for eth1 should be the only ones logged!
Any packet dropped for eth0 or rejected for eth2 should
NOT appear in the logs.
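The proposed policy line maps naturally onto a netfilter LOG rule, emitted only when a prefix is given, followed by the verdict. The shell function below is an added illustration of that mapping for the three interfaces in the request; it is not FireHOL's own implementation, and the INPUT chain, the rate limit on the LOG rule and the reject type are assumptions.

```shell
#!/bin/sh
# Added illustration (not FireHOL's own code): the iptables rules that a
# "policy <drop|reject> [log PREFIX]" line for one interface would become.
# Usage: policy_rules IFACE ACTION [LOG_PREFIX]
policy_rules() {
    iface=$1
    action=$2
    prefix=$3
    case "$action" in
        drop)   verdict="DROP" ;;
        reject) verdict="REJECT --reject-with icmp-port-unreachable" ;;
        *)      echo "unknown policy action: $action" >&2; return 1 ;;
    esac
    if [ -n "$prefix" ]; then
        # A LOG rule is emitted only when the config asked for one.
        # The limit match keeps a flood of unwanted packets from also
        # flooding the kernel log (an assumed, defensive default).
        echo "iptables -A INPUT -i $iface -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"$prefix: \""
    fi
    echo "iptables -A INPUT -i $iface -j $verdict"
}

# The three interfaces from the request above: only eth0 asked for logging.
policy_rules eth0 drop "Drop-debug eth0"
policy_rules eth1 drop
policy_rules eth2 reject
```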

Discussion
