mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Allow tags in global LOG_LEVELs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
fcd5b30ca8
commit
17d1caf8c5
@ -2729,8 +2729,8 @@ sub ensure_manual_chain($) {
|
||||
|
||||
sub log_irule_limit( $$$$$$$@ );
|
||||
|
||||
sub ensure_blacklog_chain( $$$$ ) {
|
||||
my ( $target, $disposition, $level, $audit ) = @_;
|
||||
sub ensure_blacklog_chain( $$$$$ ) {
|
||||
my ( $target, $disposition, $level, $tag, $audit ) = @_;
|
||||
|
||||
unless ( $filter_table->{blacklog} ) {
|
||||
my $logchainref = new_manual_chain 'blacklog';
|
||||
@ -2738,7 +2738,7 @@ sub ensure_blacklog_chain( $$$$ ) {
|
||||
$target =~ s/A_//;
|
||||
$target = 'reject' if $target eq 'REJECT';
|
||||
|
||||
log_irule_limit( $level , $logchainref , 'blacklst' , $disposition , $globals{LOGILIMIT} , '', 'add' );
|
||||
log_irule_limit( $level , $logchainref , 'blacklst' , $disposition , $globals{LOGILIMIT} , $tag, 'add' );
|
||||
|
||||
add_ijump( $logchainref, j => 'AUDIT', targetopts => '--type ' . lc $target ) if $audit;
|
||||
add_ijump( $logchainref, g => $target );
|
||||
|
||||
@ -713,6 +713,14 @@ sub initialize( $;$$) {
|
||||
KLUDGEFREE => '',
|
||||
VERSION => "4.5.19-Beta1",
|
||||
CAPVERSION => 40609 ,
|
||||
BLACKLIST_LOG_TAG => '',
|
||||
RELATED_LOG_TAG => '',
|
||||
MACLIST_LOG_TAG => '',
|
||||
TCP_FLAGS_LOG_TAG => '',
|
||||
SMURF_LOG_TAG => '',
|
||||
RPFILTER_LOG_TAG => '',
|
||||
INVALID_LOG_TAG => '',
|
||||
UNTRACKED_LOG_TAG => '',
|
||||
);
|
||||
#
|
||||
# From shorewall.conf file
|
||||
@ -3742,7 +3750,15 @@ sub default_log_level( $$ ) {
|
||||
unless ( supplied $value ) {
|
||||
$config{$level} = validate_level $default, $level;
|
||||
} else {
|
||||
( $value, my $tag ) = split( ':', $value , 2 );
|
||||
$config{$level} = validate_level $value, $level;
|
||||
if ( supplied $tag ) {
|
||||
my $tag_name = $level;
|
||||
|
||||
$tag_name =~ s/_LEVEL/_TAG/;
|
||||
|
||||
$globals{$tag_name} = $tag;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -136,10 +136,17 @@ sub setup_ecn()
|
||||
}
|
||||
}
|
||||
|
||||
sub add_rule_pair( $$$$ ) {
|
||||
my ($chainref , $predicate , $target , $level ) = @_;
|
||||
sub add_rule_pair( $$$$$ ) {
|
||||
my ($chainref , $predicate , $target , $level, $tag ) = @_;
|
||||
|
||||
log_rule( $level, $chainref, "\U$target", $predicate ) if supplied $level;
|
||||
log_rule_limit( $level,
|
||||
$chainref,
|
||||
$chainref->{name},
|
||||
"\U$target",
|
||||
$globals{LOGLIMIT},
|
||||
$tag,
|
||||
'add',
|
||||
$predicate ) if supplied $level;
|
||||
add_jump( $chainref , $target, 0, $predicate );
|
||||
}
|
||||
|
||||
@ -195,13 +202,16 @@ sub convert_blacklist() {
|
||||
my $zones = find_zones_by_option 'blacklist', 'in';
|
||||
my $zones1 = find_zones_by_option 'blacklist', 'out';
|
||||
my ( $level, $disposition ) = @config{'BLACKLIST_LOG_LEVEL', 'BLACKLIST_DISPOSITION' };
|
||||
my $tag = $globals{MACLIST_LOG_TAG};
|
||||
my $audit = $disposition =~ /^A_/;
|
||||
my $target = $disposition;
|
||||
my $orig_target = $target;
|
||||
my @rules;
|
||||
|
||||
if ( @$zones || @$zones1 ) {
|
||||
$target = "$target:$level" if supplied $level;
|
||||
if ( supplied $level ) {
|
||||
$target = supplied $tag ? "$target:$level:$tag":"$target:$level";
|
||||
}
|
||||
|
||||
my $fn = open_file( 'blacklist' );
|
||||
|
||||
@ -631,11 +641,12 @@ sub add_common_rules ( $ ) {
|
||||
my @state = state_imatch( $globals{BLACKLIST_STATES} );
|
||||
my $faststate = $config{RELATED_DISPOSITION} eq 'ACCEPT' && $config{RELATED_LOG_LEVEL} eq '' ? 'ESTABLISHED,RELATED' : 'ESTABLISHED';
|
||||
my $level = $config{BLACKLIST_LOG_LEVEL};
|
||||
my $tag = $globals{BLACKLIST_LOG_TAG};
|
||||
my $rejectref = $filter_table->{reject};
|
||||
|
||||
if ( $config{DYNAMIC_BLACKLIST} ) {
|
||||
add_rule_pair( set_optflags( new_standard_chain( 'logdrop' ) , DONT_OPTIMIZE | DONT_DELETE ), '' , 'DROP' , $level );
|
||||
add_rule_pair( set_optflags( new_standard_chain( 'logreject' ), DONT_OPTIMIZE | DONT_DELETE ), '' , 'reject' , $level );
|
||||
add_rule_pair( set_optflags( new_standard_chain( 'logdrop' ) , DONT_OPTIMIZE | DONT_DELETE ), '' , 'DROP' , $level , $tag);
|
||||
add_rule_pair( set_optflags( new_standard_chain( 'logreject' ), DONT_OPTIMIZE | DONT_DELETE ), '' , 'reject' , $level , $tag);
|
||||
$dynamicref = set_optflags( new_standard_chain( 'dynamic' ) , DONT_OPTIMIZE );
|
||||
add_commands( $dynamicref, '[ -f ${VARDIR}/.dynamic ] && cat ${VARDIR}/.dynamic >&3' );
|
||||
}
|
||||
@ -648,6 +659,7 @@ sub add_common_rules ( $ ) {
|
||||
|
||||
my $policy = $config{SFILTER_DISPOSITION};
|
||||
$level = $config{SFILTER_LOG_LEVEL};
|
||||
$tag = $config{SFILTER_LOG_TAG};
|
||||
my $audit = $policy =~ s/^A_//;
|
||||
my @ipsec = have_ipsec ? ( policy => '--pol none --dir in' ) : ();
|
||||
|
||||
@ -657,7 +669,14 @@ sub add_common_rules ( $ ) {
|
||||
#
|
||||
$chainref = new_standard_chain 'sfilter';
|
||||
|
||||
log_rule $level , $chainref , $policy , '' if $level ne '';
|
||||
log_rule_limit( $level,
|
||||
$chainref,
|
||||
$chainref->{name},
|
||||
$policy,
|
||||
$globals{LOGLIMIT},
|
||||
$tag,
|
||||
'add',
|
||||
'' ) if $level ne '';
|
||||
|
||||
add_ijump( $chainref, j => 'AUDIT', targetopts => '--type ' . lc $policy ) if $audit;
|
||||
|
||||
@ -742,6 +761,7 @@ sub add_common_rules ( $ ) {
|
||||
if ( @$list ) {
|
||||
$policy = $config{RPFILTER_DISPOSITION};
|
||||
$level = $config{RPFILTER_LOG_LEVEL};
|
||||
$tag = $globals{RPFILTER_LOG_TAG};
|
||||
$audit = $policy =~ s/^A_//;
|
||||
|
||||
if ( $level || $audit ) {
|
||||
@ -750,7 +770,14 @@ sub add_common_rules ( $ ) {
|
||||
#
|
||||
$chainref = ensure_mangle_chain 'rplog';
|
||||
|
||||
log_rule $level , $chainref , $policy , '' if $level ne '';
|
||||
log_rule_limit( $level,
|
||||
$chainref,
|
||||
$chainref->{name},
|
||||
$policy,
|
||||
$globals{LOGLIMIT},
|
||||
$tag,
|
||||
'add',
|
||||
'' ) if $level ne '';
|
||||
|
||||
add_ijump( $chainref, j => 'AUDIT', targetopts => '--type ' . lc $policy ) if $audit;
|
||||
|
||||
@ -811,7 +838,7 @@ sub add_common_rules ( $ ) {
|
||||
'smurfs' ,
|
||||
'DROP',
|
||||
$globals{LOGILIMIT},
|
||||
'',
|
||||
$globals{SMURF_LOG_TAG},
|
||||
'add' );
|
||||
add_ijump( $smurfref, j => 'AUDIT', targetopts => '--type drop' ) if $smurfdest eq 'A_DROP';
|
||||
add_ijump( $smurfref, j => 'DROP' );
|
||||
@ -933,6 +960,7 @@ sub add_common_rules ( $ ) {
|
||||
|
||||
if ( @$list ) {
|
||||
my $level = $config{TCP_FLAGS_LOG_LEVEL};
|
||||
my $tag = $globals{TCP_FLAGS_LOG_TAG};
|
||||
my $disposition = $config{TCP_FLAGS_DISPOSITION};
|
||||
my $audit = $disposition =~ /^A_/;
|
||||
|
||||
@ -947,7 +975,15 @@ sub add_common_rules ( $ ) {
|
||||
|
||||
$globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options ";
|
||||
|
||||
log_rule $level , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';
|
||||
log_rule_limit( $level,
|
||||
$logflagsref,
|
||||
'logflags',
|
||||
$disposition,
|
||||
$globals{LOGLIMIT},
|
||||
$tag,
|
||||
'add',
|
||||
''
|
||||
);
|
||||
|
||||
$globals{LOGPARMS} = $savelogparms;
|
||||
|
||||
@ -1052,6 +1088,7 @@ sub setup_mac_lists( $ ) {
|
||||
|
||||
my $target = $globals{MACLIST_TARGET};
|
||||
my $level = $config{MACLIST_LOG_LEVEL};
|
||||
my $tag = $globals{MACLIST_LOG_TAG};
|
||||
my $disposition = $config{MACLIST_DISPOSITION};
|
||||
my $audit = ( $disposition =~ s/^A_// );
|
||||
my $ttl = $config{MACLIST_TTL};
|
||||
@ -1220,7 +1257,7 @@ sub setup_mac_lists( $ ) {
|
||||
|
||||
run_user_exit2( 'maclog', $chainref );
|
||||
|
||||
log_irule_limit $level, $chainref , $chain , $disposition, [], '', 'add' if $level ne '';
|
||||
log_irule_limit $level, $chainref , $chain , $disposition, [], $tag, 'add' if $level ne '';
|
||||
add_ijump $chainref, j => $target;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1022,7 +1022,7 @@ sub finish_chain_section ($$$) {
|
||||
|
||||
for ( qw( ESTABLISHED RELATED INVALID UNTRACKED ) ) {
|
||||
if ( $state{$_} ) {
|
||||
my ( $char, $level, $target ) = @{$statetable{$_}};
|
||||
my ( $char, $level, $tag, $target ) = @{$statetable{$_}};
|
||||
my $twochains = substr( $chainref->{name}, 0, 1 ) eq $char;
|
||||
|
||||
if ( $twochains || $level || $target ne 'ACCEPT' ) {
|
||||
@ -1035,10 +1035,14 @@ sub finish_chain_section ($$$) {
|
||||
$chain2ref = new_chain( 'filter', "${char}$chainref->{name}" );
|
||||
}
|
||||
|
||||
log_rule( $level,
|
||||
$chain2ref,
|
||||
uc $target,
|
||||
'' );
|
||||
log_rule_limit( $level,
|
||||
$chain2ref,
|
||||
$chain2ref->{name},
|
||||
uc $target,
|
||||
$globals{LOGLIMIT},
|
||||
$tag ,
|
||||
'add' ,
|
||||
'');
|
||||
|
||||
$target = ensure_audit_chain( $target ) if ( $targets{$target} || 0 ) & AUDIT;
|
||||
|
||||
@ -3358,10 +3362,10 @@ sub process_rules() {
|
||||
#
|
||||
# Populate the state table
|
||||
#
|
||||
%statetable = ( ESTABLISHED => [ '^', '', 'ACCEPT' ] ,
|
||||
RELATED => [ '+', $config{RELATED_LOG_LEVEL}, $globals{RELATED_TARGET} ] ,
|
||||
INVALID => [ '_', $config{INVALID_LOG_LEVEL}, $globals{INVALID_TARGET} ] ,
|
||||
UNTRACKED => [ '&', $config{UNTRACKED_LOG_LEVEL}, $globals{UNTRACKED_TARGET} ] ,
|
||||
%statetable = ( ESTABLISHED => [ '^', '', '', 'ACCEPT' ] ,
|
||||
RELATED => [ '+', $config{RELATED_LOG_LEVEL}, $globals{RELATED_LOG_TAG}, $globals{RELATED_TARGET} ] ,
|
||||
INVALID => [ '_', $config{INVALID_LOG_LEVEL}, $globals{INVALID_LOG_TAG}, $globals{INVALID_TARGET} ] ,
|
||||
UNTRACKED => [ '&', $config{UNTRACKED_LOG_LEVEL}, $globals{UNTRACKED_LOG_TAG}, $globals{UNTRACKED_TARGET} ] ,
|
||||
);
|
||||
%section_states = ( BLACKLIST_SECTION , $globals{BLACKLIST_STATES},
|
||||
ESTABLISHED_SECTION, 'ESTABLISHED',
|
||||
@ -3391,14 +3395,14 @@ sub process_rules() {
|
||||
|
||||
if ( $fn ) {
|
||||
first_entry( sub () {
|
||||
my ( $level, $disposition ) = @config{'BLACKLIST_LOG_LEVEL', 'BLACKLIST_DISPOSITION' };
|
||||
my ( $level, $disposition , $tag ) = ( @config{'BLACKLIST_LOG_LEVEL', 'BLACKLIST_DISPOSITION' }, $globals{BLACKLIST_LOG_TAG} ) ;
|
||||
my $audit = $disposition =~ /^A_/;
|
||||
my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
|
||||
|
||||
progress_message2 "$doing $currentfilename...";
|
||||
|
||||
if ( supplied $level ) {
|
||||
ensure_blacklog_chain( $target, $disposition, $level, $audit );
|
||||
ensure_blacklog_chain( $target, $disposition, $level, $tag, $audit );
|
||||
ensure_audit_blacklog_chain( $target, $disposition, $level ) if have_capability 'AUDIT_TARGET';
|
||||
} elsif ( $audit ) {
|
||||
require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's';
|
||||
|
||||
@ -78,18 +78,19 @@
|
||||
|
||||
<note>
|
||||
<para>If you want to specify parameters to ULOG or NFLOG (e.g.,
|
||||
NFLOG(1,0,1)), then you must either quote the setting or you must escape
|
||||
the parentheses.</para>
|
||||
NFLOG(1,0,1)), then you must quote the setting.</para>
|
||||
|
||||
<para>Examples:</para>
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting>MACLIST_LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
|
||||
|
||||
<para>or</para>
|
||||
|
||||
<programlisting>MACLIST_LOG_LEVEL=NFLOG\(1,0,1\)</programlisting>
|
||||
</note>
|
||||
|
||||
<para>Beginning with Shorewall 5.0.0, the log level may be followed by a
|
||||
colon (":") and a <firstterm>log tag</firstterm>. The log tag normally
|
||||
follows the packet disposition in Shorewall-generated Netfilter log
|
||||
messages, separated from the disposition by a colon (e.g, "DROP:mytag").
|
||||
See LOGTAGONLY below for additional information. </para>
|
||||
|
||||
<para>Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
|
||||
logs the packet's mark value along with the other usual information. The
|
||||
syntax is:</para>
|
||||
@ -514,7 +515,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">BLACKLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">BLACKLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Formerly named BLACKLIST_LOGLEVEL. This parameter determines
|
||||
@ -1001,7 +1002,7 @@ net all DROP info</programlisting>then the chain name is 'net-all'
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">INVALID_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">INVALID_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.13. Packets in the INVALID state that
|
||||
@ -1464,7 +1465,7 @@ LOG:info:,bar net fw</programlisting>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">MACLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">MACLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Determines the syslog level for logging connection requests
|
||||
@ -2075,7 +2076,7 @@ LOG:info:,bar net fw</programlisting>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">RELATED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">RELATED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.27. Packets in the related state that
|
||||
@ -2292,7 +2293,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">RPFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">RPFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in shorewall 4.5.7. Determines the logging of packets
|
||||
@ -2353,7 +2354,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">SFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">SFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added on Shorewall 4.4.20. Determines the logging of packets
|
||||
@ -2398,7 +2399,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">SMURF_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">SMURF_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Specifies the logging level for smurf packets (see the
|
||||
@ -2573,7 +2574,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">TCP_FLAGS_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">TCP_FLAGS_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Determines the syslog level for logging packets that fail the
|
||||
@ -2649,7 +2650,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">UNTRACKED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">UNTRACKED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.13. Packets in the UNTRACKED state that
|
||||
|
||||
@ -77,18 +77,19 @@
|
||||
|
||||
<note>
|
||||
<para>If you want to specify parameters to ULOG or NFLOG (e.g.,
|
||||
NFLOG(1,0,1)), then you must either quote the setting or you must escape
|
||||
the parentheses.</para>
|
||||
NFLOG(1,0,1)), then you must quote the setting.</para>
|
||||
|
||||
<para>Examples:</para>
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting>MACLIST_LOG_LEVEL="NFLOG(1,0,1)"</programlisting>
|
||||
|
||||
<para>or</para>
|
||||
|
||||
<programlisting>MACLIST_LOG_LEVEL=NFLOG\(1,0,1\)</programlisting>
|
||||
</note>
|
||||
|
||||
<para>Beginning with Shorewall 5.0.0, the log level may be followed by a
|
||||
colon (":") and a <firstterm>log tag</firstterm>. The log tag normally
|
||||
follows the packet disposition in Shorewall-generated Netfilter log
|
||||
messages, separated from the disposition by a colon (e.g, "DROP:mytag").
|
||||
See LOGTAGONLY below for additional information.</para>
|
||||
|
||||
<para>The following options may be set in shorewall6.conf.</para>
|
||||
|
||||
<variablelist>
|
||||
@ -434,7 +435,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">BLACKLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">BLACKLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Formerly named BLACKLIST_LOGLEVEL. This parameter determines
|
||||
@ -866,7 +867,7 @@ net all DROP info</programlisting>then the chain name is 'net-all'
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">INVALID_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">INVALID_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.13. Packets in the INVALID state that
|
||||
@ -1291,7 +1292,7 @@ LOG:info:,bar net fw</programlisting>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">MACLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">MACLIST_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Determines the syslog level for logging connection requests
|
||||
@ -1830,7 +1831,7 @@ LOG:info:,bar net fw</programlisting>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">RELATED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">RELATED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.27. Packets in the related state that
|
||||
@ -1971,7 +1972,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">RPFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">RPFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in shorewall 4.5.7. Determines the logging of packets
|
||||
@ -2027,7 +2028,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">SMURF_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">SMURF_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Specifies the logging level for smurf packets (see the
|
||||
@ -2057,7 +2058,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">SFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">SFILTER_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added on Shorewall 4.4.20. Determines the logging of packets
|
||||
@ -2235,7 +2236,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">TCP_FLAGS_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>]</term>
|
||||
role="bold">TCP_FLAGS_LOG_LEVEL=</emphasis>[<emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Determines the syslog level for logging packets that fail the
|
||||
@ -2313,7 +2314,7 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">UNTRACKED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis></term>
|
||||
role="bold">UNTRACKED_LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.13. Packets in the UNTRACKED state that
|
||||
|
||||
Loading…
Reference in New Issue
Block a user