From 2b3606dd256e5dff764a887e067d0a186183e703 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 6 Jul 2004 20:41:53 +0000 Subject: [PATCH] Fix logging nat rules git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1455 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/changelog.txt | 2 ++ Shorewall2/firewall | 4 ++-- Shorewall2/releasenotes.txt | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index 12f99c635..301a9c846 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -8,3 +8,5 @@ Changes since 2.0.3 3) Correct mktempfile() for case where mktemp isn't installed. 4) Implement 'dropInvalid' builtin action. + +5) Fix logging nat rules. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index d25b9511a..2e8e02b9a 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -3062,7 +3062,7 @@ add_nat_rule() { else for adr in $(separate_list $addr); do if [ -n "$loglevel" ]; then - log_rule_limit $loglevel $OUTPUT $logtarget "$ratelimit" "$logtag" -t nat \ + log_rule_limit $loglevel OUTPUT $logtarget "$ratelimit" "$logtag" -t nat \ $(fix_bang $proto $cli $sports $userandgroup -d $adr $multiport $dports) fi @@ -3093,7 +3093,7 @@ add_nat_rule() { done if [ -n "$loglevel" ]; then - log_rule_limit $loglevel $chain $logtarget "$ratelimit" -t nat + log_rule_limit $loglevel $chain $logtarget "$ratelimit" "$logtag" -t nat fi addnatrule $chain $ratelimit $proto -j $target1 # Protocol is necessary for port redirection diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 4bce2d2ee..a8d9697e3 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -9,6 +9,9 @@ Problems Corrected since 2.0.3 2) A potential security vulnerablilty in the way that Shorewall handles temporary files and directories has been corrected. +3) Two problems with logging NAT rules (DNAT and REDIRECT) could cause + startup failures. + ----------------------------------------------------------------------- Issues when migrating from Shorewall 2.0 to Shorewall 2.1: