extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-08 22:11:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Verify the availability of the LOG target

Browse Source
This commit is contained in:
Tom Eastep 2009-06-25 13:50:27 -07:00
parent 974ae7f3bf
commit 40bb8283d2
5 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall/Perl/Shorewall/Config.pm
View File

@ -238,6 +238,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
CONNLIMIT_MATCH => 'Connlimit Match', CONNLIMIT_MATCH => 'Connlimit Match',
TIME_MATCH => 'Time Match', TIME_MATCH => 'Time Match',
GOTO_TARGET => 'Goto Support', GOTO_TARGET => 'Goto Support',
LOG_TARGET => 'LOG Target',
LOGMARK_TARGET => 'LOGMARK Target', LOGMARK_TARGET => 'LOGMARK Target',
IPMARK_TARGET => 'IPMARK Target', IPMARK_TARGET => 'IPMARK Target',
CAPVERSION => 'Capability Version', CAPVERSION => 'Capability Version',
@ -327,7 +328,7 @@ sub initialize( $ ) {
EXPORT => 0, EXPORT => 0,
UNTRACKED => 0, UNTRACKED => 0,
VERSION => "4.4.0-Beta2", VERSION => "4.4.0-Beta2",
CAPVERSION => 40309 , CAPVERSION => 40310 ,
); );
# #
@ -608,6 +609,7 @@ sub initialize( $ ) {
GOTO_TARGET => undef, GOTO_TARGET => undef,
LOGMARK_TARGET => undef, LOGMARK_TARGET => undef,
IPMARK_TARGET => undef, IPMARK_TARGET => undef,
LOG_TARGET => 1, # Assume that we have it.
CAPVERSION => undef, CAPVERSION => undef,
); );
# #
@ -1702,8 +1704,16 @@ sub validate_level( $ ) {
if ( defined $level && $level ne '' ) { if ( defined $level && $level ne '' ) {
$level =~ s/!$//; $level =~ s/!$//;
my $value = $validlevels{$level}; my $value = $validlevels{$level};
return $value if defined $value;
return $level if $level =~ /^[0-7]$/; if ( defined $value ) {
require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' ) unless $value eq '';
return $value;
}
if ( $level =~ /^[0-7]$/ ) {
require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
return $level;
}
if ( $level =~ /^(NFLOG|ULOG)[(](.*)[)]$/ ) { if ( $level =~ /^(NFLOG|ULOG)[(](.*)[)]$/ ) {
my $olevel = $1; my $olevel = $1;
@ -1722,14 +1732,17 @@ sub validate_level( $ ) {
$index++; $index++;
} }
require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
return $olevel; return $olevel;
} }
if ( $level =~ /^NFLOG --/ or $level =~ /^ULOG --/ ) { if ( $level =~ /^NFLOG --/ or $level =~ /^ULOG --/ ) {
require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
return $rawlevel; return $rawlevel;
} }
if ( $level eq 'LOGMARK' ) { if ( $level eq 'LOGMARK' ) {
require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' ); require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
return 'LOGMARK'; return 'LOGMARK';
} }
@ -2016,6 +2029,7 @@ sub determine_capabilities( $ ) {
$capabilities{CONNLIMIT_MATCH} = qt1( "$iptables -A $sillyname -m connlimit --connlimit-above 8" ); $capabilities{CONNLIMIT_MATCH} = qt1( "$iptables -A $sillyname -m connlimit --connlimit-above 8" );
$capabilities{TIME_MATCH} = qt1( "$iptables -A $sillyname -m time --timestart 11:00" ); $capabilities{TIME_MATCH} = qt1( "$iptables -A $sillyname -m time --timestart 11:00" );
$capabilities{GOTO_TARGET} = qt1( "$iptables -A $sillyname -g $sillyname1" ); $capabilities{GOTO_TARGET} = qt1( "$iptables -A $sillyname -g $sillyname1" );
$capabilities{LOG_TARGET} = qt1( "$iptables -A $sillyname -j LOG" );
$capabilities{LOGMARK_TARGET} = qt1( "$iptables -A $sillyname -j LOGMARK" ); $capabilities{LOGMARK_TARGET} = qt1( "$iptables -A $sillyname -j LOGMARK" );
qt1( "$iptables -F $sillyname" ); qt1( "$iptables -F $sillyname" );

2
Shorewall/changelog.txt
View File

@ -6,6 +6,8 @@ Changes in Shorewall 4.4.0-Beta3
3) Fix 'show dynamic'. 3) Fix 'show dynamic'.
4) Check for xt_LOG.
Changes in Shorewall 4.4.0-Beta2 Changes in Shorewall 4.4.0-Beta2
1) The 'find_first_interface_address()' and 1) The 'find_first_interface_address()' and

6
Shorewall/lib.base
View File

@ -30,7 +30,7 @@
# #
SHOREWALL_LIBVERSION=40000 SHOREWALL_LIBVERSION=40000
SHOREWALL_CAPVERSION=40309 SHOREWALL_CAPVERSION=40310
[ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
@ -819,6 +819,7 @@ determine_capabilities() {
GOTO_TARGET= GOTO_TARGET=
LOGMARK_TARGET= LOGMARK_TARGET=
IPMARK_TARGET= IPMARK_TARGET=
LOG_TARGET=Yes
chain=fooX$$ chain=fooX$$
@ -943,6 +944,7 @@ determine_capabilities() {
qt $IPTABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes qt $IPTABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes
qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes
qt $IPTABLES -A $chain -j LOGMARK && LOGMARK_TARGET=Yes qt $IPTABLES -A $chain -j LOGMARK && LOGMARK_TARGET=Yes
qt $IPTABLES -A $chain -j LOG || LOG_TARGET=
qt $IPTABLES -F $chain qt $IPTABLES -F $chain
qt $IPTABLES -X $chain qt $IPTABLES -X $chain
@ -1008,6 +1010,7 @@ report_capabilities() {
report_capability "Goto Support" $GOTO_TARGET report_capability "Goto Support" $GOTO_TARGET
report_capability "LOGMARK Target" $LOGMARK_TARGET report_capability "LOGMARK Target" $LOGMARK_TARGET
report_capability "IPMARK Target" $IPMARK_TARGET report_capability "IPMARK Target" $IPMARK_TARGET
report_capability "LOG Target" $LOG_TARGET
fi fi
[ -n "$PKTTYPE" ] || USEPKTTYPE= [ -n "$PKTTYPE" ] || USEPKTTYPE=
@ -1064,6 +1067,7 @@ report_capabilities1() {
report_capability1 GOTO_TARGET report_capability1 GOTO_TARGET
report_capability1 LOGMARK_TARGET report_capability1 LOGMARK_TARGET
report_capability1 IPMARK_TARGET report_capability1 IPMARK_TARGET
report_capability1 LOG_TARGET
echo CAPVERSION=$SHOREWALL_CAPVERSION echo CAPVERSION=$SHOREWALL_CAPVERSION
} }

2
Shorewall/modules
View File

@ -27,6 +27,7 @@ loadmodule nf_conntrack_ipv4
loadmodule iptable_nat loadmodule iptable_nat
loadmodule xt_state loadmodule xt_state
loadmodule xt_tcpudp loadmodule xt_tcpudp
loadmodule ipt_LOG
# #
# Other xtables modules # Other xtables modules
# #
@ -120,6 +121,7 @@ loadmodule nf_nat_tftp
# #
loadmodule sch_sfq loadmodule sch_sfq
loadmodule sch_ingress loadmodule sch_ingress
loadmodule sch_hfsc
loadmodule sch_htb loadmodule sch_htb
loadmodule cls_u32 loadmodule cls_u32
loadmodule cls_fw loadmodule cls_fw

6
Shorewall/releasenotes.txt
View File

@ -146,6 +146,12 @@ None.
macro.Citrix macro.Citrix
macro.Razor macro.Razor
2) The Shorewall compiler now checks for availability of the LOG
target if the configuration does any logging. This change involves
a new version of the capabilities file so users employing a
capabilties file should re-generate that file before trying to
start/restart Shorewall.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 4 N E W F E A T U R E S IN 4 . 4
---------------------------------------------------------------------------- ----------------------------------------------------------------------------