<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000066">
<font color="#000000">Is there a maximum depth on recursive filter
statements?<br>
I seem to have an issue which would indicate so.<br>
<br>
For example, in the config below, i have f_discard, which calls
f_iptables_discard, which calls f_iptables. I have it like this so
that its easy to read, configure, and add other filters. Its
supposed to result in lines matching this to not be logged, but
its not working. However if I take the contents of
`f_iptables_discard` and put them directly into `f_discard` it
works fine.<br>
<br>
<font color="#660000"><tt>filter f_iptables {<br>
program('^kernel')<br>
and message('^\s*\[\s*[\d\.]+\] iptables/' type(pcre))<br>
};<br>
filter f_iptables_discard {<br>
# ignore iptables broadcast messages<br>
filter(f_iptables)<br>
and message('MAC=ff:ff:ff:ff:ff:ff')<br>
;<br>
};<br>
<br>
filter f_discard {<br>
not (<br>
filter(f_iptables_discard)<br>
);<br>
};<br>
rewrite r_tag {<br>
set('iptables', value('DBTAG')
condition(filter(f_iptables)));<br>
};<br>
<br>
log {<br>
source(s_local); source(s_net);<br>
rewrite(r_tag);<br>
filter(f_discard);<br>
destination(d_sqlite);<br>
};</tt></font><br>
</font>
</body>
</html>