Expunge ULOG from Shorewall6

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9053 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 15:43:30 +01:00 · 2008-12-14 20:03:49 +00:00 · 2008-12-14 20:03:49 +00:00 · 3c651bb7ac
commit 3c651bb7ac
parent a42ba57102
6 changed files with 47 additions and 24 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -16,6 +16,10 @@ Changes in Shorewall 4.3.3

 8) Add RFC 2526 anycast addresses to nosmurfs

+9) Add man pages for Shorewall6 and 6 Lite.
+
+10) Fix IP6TABLES when not specified.
+
 Changes in Shorewall 4.3.2

 1) Added 'dhcp' option.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -28,7 +28,8 @@ There are two incompatible changes in this release.

 Problems Corrected in 4.3.3

-None.
+1)  Previously, if IP6TABLES wasn't specified in shorewall6.conf, it
+    was set to iptables rather than ip6tables.

 Other changes in 4.3.3

@ -61,9 +62,10 @@ Other changes in 4.3.3
    /etc/shorewall6/interfaces. The option is the IPv6 analog of the
    'proxyarp' option in /etc/shorewall/interfaces.

-7)  Source anycast addresses defined by RFC 2526 are not trapped by
+7)  Source anycast addresses defined by RFC 2526 are now trapped by
    'nosmurfs'.

+8)  Manpages are now included for Shorewall6 and Shorewall6-lite.

 Migration Issues.

--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@ -258,6 +258,8 @@ use constant { MIN_VERBOSITY => -1,
 	       F_IPV6 => 6,
 	   };

+our %validlevels;
+
 #
 # Initialize globals -- we take this novel approach to globals initialization to allow
 #                       the compiler to run multiple times in the same process. The
@ -406,6 +408,21 @@ sub initialize( $ ) {
 	      TCP_FLAGS_DISPOSITION => undef,
 	      BLACKLIST_DISPOSITION => undef,
 	    );
+
+	%validlevels = ( DEBUG   => 7,
+			 INFO    => 6,
+			 NOTICE  => 5,
+			 WARNING => 4,
+			 WARN    => 4,
+			 ERR     => 3,
+			 ERROR   => 3,
+			 CRIT    => 2,
+			 ALERT   => 1,
+			 EMERG   => 0,
+			 PANIC   => 0,
+			 NONE    => '',
+			 ULOG    => 'ULOG',
+			 NFLOG   => 'NFLOG');
    } else {
 	$globals{SHAREDIR} = '/usr/share/shorewall';
 	$globals{CONFDIR} =  '/etc/shorewall6';
@ -489,6 +506,20 @@ sub initialize( $ ) {
 	      TCP_FLAGS_DISPOSITION => undef,
 	      BLACKLIST_DISPOSITION => undef,
 	    );
+
+	%validlevels = ( DEBUG   => 7,
+			 INFO    => 6,
+			 NOTICE  => 5,
+			 WARNING => 4,
+			 WARN    => 4,
+			 ERR     => 3,
+			 ERROR   => 3,
+			 CRIT    => 2,
+			 ALERT   => 1,
+			 EMERG   => 0,
+			 PANIC   => 0,
+			 NONE    => '',
+			 NFLOG   => 'NFLOG');
 	}
    #
    # From parsing the capabilities file
@ -1471,20 +1502,6 @@ sub default_yes_no_ipv4 ( $$ ) {
    warning_message "$var=Yes is ignored for IPv6" if $family == F_IPV6 && $config{$var};
 }

-my %validlevels = ( DEBUG   => 7,
-		    INFO    => 6,
-		    NOTICE  => 5,
-		    WARNING => 4,
-		    WARN    => 4,
-		    ERR     => 3,
-		    ERROR   => 3,
-		    CRIT    => 2,
-		    ALERT   => 1,
-		    EMERG   => 0,
-		    PANIC   => 0,
-		    NONE    => '',
-		    ULOG    => 'ULOG',
-		    NFLOG   => 'NFLOG');

 my @suffixes = qw(group range threshold nlgroup cprange qthreshold);

--- a/manpages6/shorewall6-policy.xml
+++ b/manpages6/shorewall6-policy.xml
@ -206,7 +206,7 @@
      <varlistentry>
        <term><emphasis role="bold">LOG LEVEL</emphasis> (Optional) -
        [<emphasis>log-level</emphasis>|<emphasis
-        role="bold">ULOG</emphasis>]</term>
+        role="bold">NFLOG</emphasis>]</term>

        <listitem>
          <para>If supplied, each connection handled under the default POLICY
@ -214,8 +214,8 @@
          generated. See syslog.conf(5) for a description of log
          levels.</para>

-          <para>You may also specify ULOG (must be in upper case). This will
-          log to the ULOG target and will send to a separate log through use
+          <para>You may also specify NFLOG (must be in upper case). This will
+          log to the NFLOG target and will send to a separate log through use
          of ulogd (<ulink
          url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>

--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@ -367,8 +367,8 @@
              </listitem>
            </itemizedlist>

-            <para>You may also specify <emphasis role="bold">ULOG</emphasis>
-            (must be in upper case) as a log level.This will log to the ULOG
+            <para>You may also specify <emphasis role="bold">NFLOG</emphasis>
+            (must be in upper case) as a log level.This will log to the NFLOG
            target for routing to a separate log through use of ulogd (<ulink
            url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>

--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@ -60,10 +60,10 @@
    level to choose, 6 (info) is a safe bet. You may specify levels by name or
    by number.</para>

-    <para>If you have built your kernel with ULOG target support, you may also
-    specify a log level of ULOG (must be all caps). Rather than log its
+    <para>If you have built your kernel with NFLOG target support, you may
+    also specify a log level of NFLOG (must be all caps). Rather than log its
    messages to syslogd, Shorewall6 will direct netfilter to log the messages
-    via the ULOG target which will send them to a process called 'ulogd'.
+    via the NFLOG target which will send them to a process called 'ulogd'.
    ulogd is available with most Linux distributions (although it probably
    isn't installed by default). Ulogd is also available from <ulink
    url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>