extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-03 00:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove ULOG support

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2018-11-15 14:59:29 -08:00
parent 45f8d31021
commit 061ce3d781
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
12 changed files with 57 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -450,13 +450,13 @@ use constant { STANDARD => 0x1, #defined by Netfilter
REDIRECT => 0x20, #'REDIRECT' REDIRECT => 0x20, #'REDIRECT'
ACTION => 0x40, #An action (may be built-in) ACTION => 0x40, #An action (may be built-in)
MACRO => 0x80, #A Macro MACRO => 0x80, #A Macro
LOGRULE => 0x100, #'LOG','ULOG','NFLOG' LOGRULE => 0x100, #'LOG','NFLOG'
NFQ => 0x200, #'NFQUEUE' NFQ => 0x200, #'NFQUEUE'
CHAIN => 0x400, #Manual Chain CHAIN => 0x400, #Manual Chain
SET => 0x800, #SET SET => 0x800, #SET
AUDIT => 0x1000, #A_ACCEPT, etc AUDIT => 0x1000, #A_ACCEPT, etc
HELPER => 0x2000, #CT:helper HELPER => 0x2000, #CT:helper
NFLOG => 0x4000, #NFLOG or ULOG NFLOG => 0x4000, #NFLOG
INLINE => 0x8000, #Inline action INLINE => 0x8000, #Inline action
STATEMATCH => 0x10000, #action.Invalid, action.Related, etc. STATEMATCH => 0x10000, #action.Invalid, action.Related, etc.
USERBUILTIN => 0x20000, #Builtin action from user's actions file. USERBUILTIN => 0x20000, #Builtin action from user's actions file.
@ -656,7 +656,6 @@ our %builtin_target = ( ACCEPT => STANDARD + FILTER_TABLE + NAT_TABLE + MAN
TPROXY => STANDARD + MANGLE_TABLE, TPROXY => STANDARD + MANGLE_TABLE,
TRACE => STANDARD + RAW_TABLE, TRACE => STANDARD + RAW_TABLE,
TTL => STANDARD + MANGLE_TABLE, TTL => STANDARD + MANGLE_TABLE,
ULOG => STANDARD + FILTER_TABLE + NAT_TABLE + MANGLE_TABLE + RAW_TABLE,
); );
our %ipset_exists; our %ipset_exists;
@ -3223,7 +3222,6 @@ sub initialize_chain_table($) {
'REDIRECT' => NATRULE + REDIRECT + OPTIONS, 'REDIRECT' => NATRULE + REDIRECT + OPTIONS,
'REDIRECT-' => NATRULE + REDIRECT + NATONLY, 'REDIRECT-' => NATRULE + REDIRECT + NATONLY,
'TARPIT' => STANDARD + TARPIT + OPTIONS, 'TARPIT' => STANDARD + TARPIT + OPTIONS,
'ULOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'WHITELIST' => STANDARD, 'WHITELIST' => STANDARD,
); );
@ -3281,7 +3279,6 @@ sub initialize_chain_table($) {
'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS, 'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'NFQUEUE' => STANDARD + NFQ + OPTIONS, 'NFQUEUE' => STANDARD + NFQ + OPTIONS,
'NFQUEUE!' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ,
'ULOG' => STANDARD + LOGRULE + NFLOG,
'ADD' => STANDARD + SET, 'ADD' => STANDARD + SET,
'DEL' => STANDARD + SET, 'DEL' => STANDARD + SET,
'WHITELIST' => STANDARD, 'WHITELIST' => STANDARD,
@ -6756,9 +6753,7 @@ sub log_rule_limit( $$$$$$$$;$ ) {
} }
if ( $config{LOGFORMAT} =~ /^\s*$/ ) { if ( $config{LOGFORMAT} =~ /^\s*$/ ) {
if ( $level =~ '^ULOG' ) { if ( $level =~ /^NFLOG/ ) {
$prefix = "-j $level ";
} elsif ( $level =~ /^NFLOG/ ) {
$prefix = "-j $level "; $prefix = "-j $level ";
} else { } else {
my $flags = $globals{LOGPARMS}; my $flags = $globals{LOGPARMS};
@ -6803,9 +6798,7 @@ sub log_rule_limit( $$$$$$$$;$ ) {
warning_message "Log Prefix shortened to \"$prefix\""; warning_message "Log Prefix shortened to \"$prefix\"";
} }
if ( $level =~ '^ULOG' ) { if ( $level =~ /^NFLOG/ ) {
$prefix = "-j $level --ulog-prefix \"$prefix\" ";
} elsif ( $level =~ /^NFLOG/ ) {
$prefix = "-j $level --nflog-prefix \"$prefix\" "; $prefix = "-j $level --nflog-prefix \"$prefix\" ";
} elsif ( $level =~ '^LOGMARK' ) { } elsif ( $level =~ '^LOGMARK' ) {
$prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13; $prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;
@ -6855,9 +6848,7 @@ sub log_irule_limit( $$$$$$$$@ ) {
} }
if ( $config{LOGFORMAT} =~ /^\s*$/ ) { if ( $config{LOGFORMAT} =~ /^\s*$/ ) {
if ( $level =~ '^ULOG' ) { if ( $level =~ /^NFLOG/ ) {
$prefix = "$level";
} elsif ( $level =~ /^NFLOG/ ) {
$prefix = "$level"; $prefix = "$level";
} else { } else {
my $flags = $globals{LOGPARMS}; my $flags = $globals{LOGPARMS};
@ -6902,9 +6893,7 @@ sub log_irule_limit( $$$$$$$$@ ) {
warning_message "Log Prefix shortened to \"$prefix\""; warning_message "Log Prefix shortened to \"$prefix\"";
} }
if ( $level =~ '^ULOG' ) { if ( $level =~ /^NFLOG/ ) {
$prefix = "$level --ulog-prefix \"$prefix\"";
} elsif ( $level =~ /^NFLOG/ ) {
$prefix = "$level --nflog-prefix \"$prefix\""; $prefix = "$level --nflog-prefix \"$prefix\"";
} elsif ( $level =~ '^LOGMARK' ) { } elsif ( $level =~ '^LOGMARK' ) {
$prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13; $prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;

21
Shorewall/Perl/Shorewall/Config.pm
View File

@ -456,7 +456,6 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
TIME_MATCH => 'Time Match', TIME_MATCH => 'Time Match',
GOTO_TARGET => 'Goto Support', GOTO_TARGET => 'Goto Support',
LOG_TARGET => 'LOG Target', LOG_TARGET => 'LOG Target',
ULOG_TARGET => 'ULOG Target',
NFLOG_TARGET => 'NFLOG Target', NFLOG_TARGET => 'NFLOG Target',
LOGMARK_TARGET => 'LOGMARK Target', LOGMARK_TARGET => 'LOGMARK Target',
IPMARK_TARGET => 'IPMARK Target', IPMARK_TARGET => 'IPMARK Target',
@ -1093,7 +1092,6 @@ sub initialize( $;$$$) {
TIME_MATCH => undef, TIME_MATCH => undef,
GOTO_TARGET => undef, GOTO_TARGET => undef,
LOG_TARGET => undef, LOG_TARGET => undef,
ULOG_TARGET => undef,
NFLOG_TARGET => undef, NFLOG_TARGET => undef,
LOGMARK_TARGET => undef, LOGMARK_TARGET => undef,
IPMARK_TARGET => undef, IPMARK_TARGET => undef,
@ -1272,7 +1270,6 @@ sub initialize( $;$$$) {
$globals{PRODUCT} = 'shorewall'; $globals{PRODUCT} = 'shorewall';
$config{IPTABLES} = undef; $config{IPTABLES} = undef;
$config{ARPTABLES} = undef; $config{ARPTABLES} = undef;
$validlevels{ULOG} = 'ULOG';
} else { } else {
$globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall6"; $globals{SHAREDIR} = "$shorewallrc{SHAREDIR}/shorewall6";
$globals{PRODUCT} = 'shorewall6'; $globals{PRODUCT} = 'shorewall6';
@ -4211,25 +4208,23 @@ sub validate_level( $;$ ) {
require_capability( "${value}_TARGET", "Log level $level", 's' ); require_capability( "${value}_TARGET", "Log level $level", 's' );
} }
if ( $value =~ /^(NFLOG|ULOG)$/ ) { if ( $value eq 'NFLOG' ) {
my $olevel = $value; my $olevel = $value;
if ( $qualifier =~ /^[(](.*)[)]$/ ) { if ( $qualifier =~ /^[(](.*)[)]$/ ) {
my @options = split /,/, $1; my @options = split /,/, $1;
my $prefix = lc $olevel; my $index = 0;
my $index = $prefix eq 'ulog' ? 3 : 0;
level_error( $rawlevel , $option ) if @options > 3; level_error( $rawlevel , $option ) if @options > 3;
for ( @options ) { for ( @options ) {
if ( supplied( $_ ) ) { if ( supplied( $_ ) ) {
level_error( $rawlevel , $option ) unless /^\d+/; level_error( $rawlevel , $option ) unless /^\d+/;
$olevel .= " --${prefix}-$suffixes[$index] $_"; $olevel .= " --nflog-$suffixes[$index] $_";
} }
$index++; $index++;
} }
} elsif ( $qualifier =~ /^ --/ ) { } elsif ( $qualifier =~ /^ --/ ) {
return $rawlevel; return $rawlevel;
} else { } else {
@ -4879,10 +4874,6 @@ sub Log_Target() {
qt1( "$iptables $iptablesw -A $sillyname -j LOG" ); qt1( "$iptables $iptablesw -A $sillyname -j LOG" );
} }
sub Ulog_Target() {
qt1( "$iptables $iptablesw -A $sillyname -j ULOG" );
}
sub NFLog_Target() { sub NFLog_Target() {
qt1( "$iptables $iptablesw -A $sillyname -j NFLOG" ); qt1( "$iptables $iptablesw -A $sillyname -j NFLOG" );
} }
@ -5068,7 +5059,6 @@ our %detect_capability =
LENGTH_MATCH => \&Length_Match, LENGTH_MATCH => \&Length_Match,
LOGMARK_TARGET => \&Logmark_Target, LOGMARK_TARGET => \&Logmark_Target,
LOG_TARGET => \&Log_Target, LOG_TARGET => \&Log_Target,
ULOG_TARGET => \&Ulog_Target,
NFLOG_TARGET => \&NFLog_Target, NFLOG_TARGET => \&NFLog_Target,
NFLOG_SIZE => \&NFLog_Size, NFLOG_SIZE => \&NFLog_Size,
MANGLE_ENABLED => \&Mangle_Enabled, MANGLE_ENABLED => \&Mangle_Enabled,
@ -5233,7 +5223,6 @@ sub determine_capabilities() {
$capabilities{TIME_MATCH} = detect_capability( 'TIME_MATCH' ); $capabilities{TIME_MATCH} = detect_capability( 'TIME_MATCH' );
$capabilities{GOTO_TARGET} = detect_capability( 'GOTO_TARGET' ); $capabilities{GOTO_TARGET} = detect_capability( 'GOTO_TARGET' );
$capabilities{LOG_TARGET} = detect_capability( 'LOG_TARGET' ); $capabilities{LOG_TARGET} = detect_capability( 'LOG_TARGET' );
$capabilities{ULOG_TARGET} = detect_capability( 'ULOG_TARGET' );
$capabilities{NFLOG_TARGET} = detect_capability( 'NFLOG_TARGET' ); $capabilities{NFLOG_TARGET} = detect_capability( 'NFLOG_TARGET' );
$capabilities{LOGMARK_TARGET} = detect_capability( 'LOGMARK_TARGET' ); $capabilities{LOGMARK_TARGET} = detect_capability( 'LOGMARK_TARGET' );
$capabilities{FLOW_FILTER} = detect_capability( 'FLOW_FILTER' ); $capabilities{FLOW_FILTER} = detect_capability( 'FLOW_FILTER' );
@ -6790,9 +6779,7 @@ sub get_configuration( $$$ ) {
} }
if ( supplied( $val = $config{LOG_BACKEND} ) ) { if ( supplied( $val = $config{LOG_BACKEND} ) ) {
if ( $family == F_IPV4 && $val eq 'ULOG' ) { if ( $val eq 'netlink' ) {
$val = 'ipt_ULOG';
} elsif ( $val eq 'netlink' ) {
$val = 'nfnetlink_log'; $val = 'nfnetlink_log';
} elsif ( $val eq 'LOG' ) { } elsif ( $val eq 'LOG' ) {
$val = $family == F_IPV4 ? 'ipt_LOG' : 'ip6t_LOG'; $val = $family == F_IPV4 ? 'ipt_LOG' : 'ip6t_LOG';

2
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -94,7 +94,7 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
my $level = ''; my $level = '';
if ( $action =~ /^(?:NFLOG|ULOG)/ ) { if ( $action =~ /^NFLOG/ ) {
$action = join( ":" , 'LOG', $action ); $action = join( ":" , 'LOG', $action );
} }

4
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1580,7 +1580,7 @@ sub merge_levels ($$) {
my $tag = $supparts[2]; my $tag = $supparts[2];
if ( @supparts == 3 ) { if ( @supparts == 3 ) {
return "$subordinate:$tag" if $target =~ /^(?:NFLOG|ULOG)\b/; return "$subordinate:$tag" if $target =~ /^NFLOG\b/;
return "$target:none!:$tag" if $level eq 'none!'; return "$target:none!:$tag" if $level eq 'none!';
return "$target:$level:$tag" if $level =~ /!$/; return "$target:$level:$tag" if $level =~ /!$/;
return $subordinate if $subparts >= 2; return $subordinate if $subparts >= 2;
@ -1588,7 +1588,7 @@ sub merge_levels ($$) {
} }
if ( @supparts == 2 ) { if ( @supparts == 2 ) {
return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/; return $subordinate if $target =~ /^NFLOG\b/;
return "$target:none!" if $level eq 'none!'; return "$target:none!" if $level eq 'none!';
return "$target:$level" if ($level =~ /!$/) || ($subparts < 2); return "$target:$level" if ($level =~ /!$/) || ($subparts < 2);
} }

7
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -334,9 +334,10 @@
<listitem> <listitem>
<para><option>ULOG</option></para> <para><option>ULOG</option></para>
<para>IPv4 only. Added in Shoreawll 4.6.0. Queues the packet to <para>IPv4 only. Added in Shoreawll 4.6.0 and removed in
a backend logging daemon using the ULOG netfilter target with Shorewall 5.2.2. Queues the packet to a backend logging daemon
the specified <replaceable>ulog-parameters</replaceable>.</para> using the ULOG netfilter target with the specified
<replaceable>ulog-parameters</replaceable>.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>

13
Shorewall/manpages/shorewall-logging.xml
View File

@ -326,8 +326,8 @@ REJECT(icmp-proto-unreachable):notice:IPv6,tunneling loc net
<term>ULOG (ipt_ULOG)</term> <term>ULOG (ipt_ULOG)</term>
<listitem> <listitem>
<para>ULOG logging as described ablve. Only available for <para>ULOG logging as described ablve. Only available for IPv4 and
IPv4.</para> removed in Shorewall 5.2.2.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -343,10 +343,10 @@ REJECT(icmp-proto-unreachable):notice:IPv6,tunneling loc net
<para>The currently-available and currently-selected IPv4 and IPv6 <para>The currently-available and currently-selected IPv4 and IPv6
backends are shown in /proc/sys/net/netfilter/nf_log:</para> backends are shown in /proc/sys/net/netfilter/nf_log:</para>
<programlisting>cat /proc/net/netfilter/nf_log <programlisting>$ cat /proc/net/netfilter/nf_log
0 NONE (nfnetlink_log) 0 NONE (nfnetlink_log)
1 NONE (nfnetlink_log) 1 NONE (nfnetlink_log)
2 ipt_ULOG (ipt_ULOG,ipt_LOG,nfnetlink_log) 2 nf_log_ipv4 (nf_log_ipv4,nfnetlink_log)
3 NONE (nfnetlink_log) 3 NONE (nfnetlink_log)
4 NONE (nfnetlink_log) 4 NONE (nfnetlink_log)
5 NONE (nfnetlink_log) 5 NONE (nfnetlink_log)
@ -354,9 +354,10 @@ REJECT(icmp-proto-unreachable):notice:IPv6,tunneling loc net
7 NONE (nfnetlink_log) 7 NONE (nfnetlink_log)
8 NONE (nfnetlink_log) 8 NONE (nfnetlink_log)
9 NONE (nfnetlink_log) 9 NONE (nfnetlink_log)
10 ip6t_LOG (ip6t_LOG,nfnetlink_log) 10 nf_log_ipv6 (nf_log_ipv6,nfnetlink_log)
11 NONE (nfnetlink_log) 11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)</programlisting> 12 NONE (nfnetlink_log)
$</programlisting>
<para>The magic numbers (0-12) are Linux address family numbers (AF_INET <para>The magic numbers (0-12) are Linux address family numbers (AF_INET
is 2 and AF_INET6 is 10).</para> is 2 and AF_INET6 is 10).</para>

5
Shorewall/manpages/shorewall-policy.xml
View File

@ -279,6 +279,11 @@
separate log through use of ulogd (<ulink separate log through use of ulogd (<ulink
url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para> url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
<note>
<para>Support for ULOG was removed in Shorewall 5.2.2 as Netfilter
has dropped support for ULOG.</para>
</note>
<para>For a description of logging, see <ulink <para>For a description of logging, see <ulink
url="/shorewall_logging.html">shorewall-logging(5)</ulink>.</para> url="/shorewall_logging.html">shorewall-logging(5)</ulink>.</para>

7
Shorewall/manpages/shorewall-rules.xml
View File

@ -905,9 +905,10 @@
role="bold">ULOG</emphasis>[(<replaceable>ulog-parameters</replaceable>)]</term> role="bold">ULOG</emphasis>[(<replaceable>ulog-parameters</replaceable>)]</term>
<listitem> <listitem>
<para>IPv4 only. Added in Shorewall 4.5.10. Queues matching <para>IPv4 only. Added in Shorewall 4.5.10 and removed in
packets to a back end logging daemon via a netlink socket then 5.2.2. Queues matching packets to a back end logging daemon
continues to the next rule. See <ulink via a netlink socket then continues to the next rule. See
<ulink
url="shorewall-logging.html">shorewall-logging(5)</ulink>.</para> url="shorewall-logging.html">shorewall-logging(5)</ulink>.</para>
<para>Similar to<emphasis role="bold"> <para>Similar to<emphasis role="bold">

9
Shorewall/manpages/shorewall-snat.xml
View File

@ -221,9 +221,10 @@
role="bold">ULOG</emphasis>[(<replaceable>ulog-parameters</replaceable>)]</term> role="bold">ULOG</emphasis>[(<replaceable>ulog-parameters</replaceable>)]</term>
<listitem> <listitem>
<para>IPv4 only. Added in Shorewall 5.1.9. Queues matching <para>IPv4 only. Added in Shorewall 5.1.9 and removed in
packets to a back end logging daemon via a netlink socket then Shorewall 5.2.2. Queues matching packets to a back end logging
continues to the next rule. See <ulink daemon via a netlink socket then continues to the next rule.
See <ulink
url="shorewall-logging.html">shorewall-logging(5)</ulink>.</para> url="shorewall-logging.html">shorewall-logging(5)</ulink>.</para>
<para>Similar to<emphasis role="bold"> <para>Similar to<emphasis role="bold">
@ -288,7 +289,7 @@
<para>Beginning with Shorewall 5.1.12, SNAT may be performed in the <para>Beginning with Shorewall 5.1.12, SNAT may be performed in the
nat table's INPUT chain by specifying $FW rather than one or more nat table's INPUT chain by specifying $FW rather than one or more
interfaces. </para> interfaces.</para>
<para>Each interface must match an entry in <ulink <para>Each interface must match an entry in <ulink
url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5). url="/manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).

8
Shorewall/manpages/shorewall.conf.xml
View File

@ -91,6 +91,11 @@
<programlisting>LOG_LEVEL="NFLOG(1,0,1)"</programlisting> <programlisting>LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
</note> </note>
<note>
<para>Support for ULOG was removed in Shorewall 5.2.2 as Netfilter has
removed support for ULOG logging.</para>
</note>
<para>Beginning with Shorewall 5.0.0, the log level may be followed by a <para>Beginning with Shorewall 5.0.0, the log level may be followed by a
colon (":") and a <firstterm>log tag</firstterm>. The log tag normally colon (":") and a <firstterm>log tag</firstterm>. The log tag normally
follows the packet disposition in Shorewall-generated Netfilter log follows the packet disposition in Shorewall-generated Netfilter log
@ -1425,7 +1430,8 @@ net all DROP info</programlisting>then the chain name is 'net-all'
<listitem> <listitem>
<para>IPv4 only.</para> <para>IPv4 only.</para>
<para>Use ULOG logging to ulogd.</para> <para>Use ULOG logging to ulogd. Support for ULOG was removed
in Shorewall 5.2.2.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

3
docs/Actions.xml
View File

@ -749,7 +749,8 @@ bar:debug</programlisting>
<listitem> <listitem>
<para>Either a syslog level or a ULOG or NFLOG target <para>Either a syslog level or a ULOG or NFLOG target
expression (e.g., "NFLOG(1,0,1)"). Specifies how you want the expression (e.g., "NFLOG(1,0,1)"). Specifies how you want the
logging done.</para> logging done. Support for ULOG was removed in Shorewall
5.2.2.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

19
docs/shorewall_logging.xml
View File

@ -277,7 +277,7 @@
shell variable simplifies future changes. Here's what I had at one shell variable simplifies future changes. Here's what I had at one
time:</para> time:</para>
<programlisting>gateway:/etc/shorewall# grep -v ^\# * | egrep '\$LOG|ULOG|LOGFILE' <programlisting>gateway:/etc/shorewall# grep -v ^\# * | egrep '\$LOG|LOGFILE'
params:LOG=NFLOG params:LOG=NFLOG
policy:loc $FW REJECT $LOG policy:loc $FW REJECT $LOG
policy:net all DROP $LOG 10/sec:40 policy:net all DROP $LOG 10/sec:40
@ -302,8 +302,8 @@ gateway:/etc/shorewall# </programl
<quote><command>logwatch</command></quote> and <quote><command>logwatch</command></quote> and
<quote><command>dump</command></quote> commands.</para> <quote><command>dump</command></quote> commands.</para>
<para>The NFLOG target is a successor to ULOG. Both ULOG and NFLOG may <para>The NFLOG target is a successor to ULOG. NFLOG may be followed by
be followed by a list of up to three numbers in parentheses.</para> a list of up to three numbers in parentheses.</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
@ -384,8 +384,8 @@ sync=1</programlisting>
<term>ULOG (ipt_ULOG)</term> <term>ULOG (ipt_ULOG)</term>
<listitem> <listitem>
<para>ULOG logging as described ablve. Only available for <para>ULOG logging as described ablve. Only available for IPv4 and
IPv4.</para> removed in Shorewall 5.2.2.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -401,10 +401,10 @@ sync=1</programlisting>
<para>The currently-available and currently-selected IPv4 and IPv6 <para>The currently-available and currently-selected IPv4 and IPv6
backends are shown in /proc/sys/net/netfilter/nf_log:</para> backends are shown in /proc/sys/net/netfilter/nf_log:</para>
<programlisting>cat /proc/net/netfilter/nf_log <programlisting>$ cat /proc/net/netfilter/nf_log
0 NONE (nfnetlink_log) 0 NONE (nfnetlink_log)
1 NONE (nfnetlink_log) 1 NONE (nfnetlink_log)
2 ipt_ULOG (ipt_ULOG,ipt_LOG,nfnetlink_log) 2 nf_log_ipv4 (nf_log_ipv4,nfnetlink_log)
3 NONE (nfnetlink_log) 3 NONE (nfnetlink_log)
4 NONE (nfnetlink_log) 4 NONE (nfnetlink_log)
5 NONE (nfnetlink_log) 5 NONE (nfnetlink_log)
@ -412,9 +412,10 @@ sync=1</programlisting>
7 NONE (nfnetlink_log) 7 NONE (nfnetlink_log)
8 NONE (nfnetlink_log) 8 NONE (nfnetlink_log)
9 NONE (nfnetlink_log) 9 NONE (nfnetlink_log)
10 ip6t_LOG (ip6t_LOG,nfnetlink_log) 10 nf_log_ipv6 (nf_log_ipv6,nfnetlink_log)
11 NONE (nfnetlink_log) 11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)</programlisting> 12 NONE (nfnetlink_log)
$</programlisting>
<para>The magic numbers (0-12) are Linux address family numbers (AF_INET <para>The magic numbers (0-12) are Linux address family numbers (AF_INET
is 2 and AF_INET6 is 10).</para> is 2 and AF_INET6 is 10).</para>