From 48ba93153615ce85007cb455b240d331c0ca8f33 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 6 Mar 2005 20:05:57 +0000 Subject: [PATCH] Fix log rule generation git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1984 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/changelog.txt | 9 +++++---- Shorewall2/firewall | 6 +++--- Shorewall2/releasenotes.txt | 5 +++++ 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index f8d061917..a901c96f2 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -8,11 +8,14 @@ Changes in 2.2.2 3) All calls to 'clear' are now conditional on the output device being a terminal. -4) Apply Juergen Kreileder's log/action patch. +4) Apply Juergen Kreileder's patch for logging. 5) Add the output of 'arp -na' to the 'shorewall status' display. -6) Provide support for the Extended multiport match available in 2.6.11. +6) Provide support for the Extended multiport match available in + 2.6.11. + +7) Fix logging rule generation. Changes in 2.2.1 @@ -20,8 +23,6 @@ Changes in 2.2.1 2) Simon Matter's patch for umask. -3) Apply Juergen Kreileder's patch for logging. - Changes since 2.0.3 1) Fix security vulnerability involving temporary files/directories. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 59ec8bed0..76c3b069f 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -30,7 +30,7 @@ # shorewall restart Restarts the firewall # shorewall stop Stops the firewall # shorewall status Displays firewall status -# shorewall reset Resets iptabless packet and +# shorewall reset Resets iptables packet and # byte counts # shorewall clear Remove all Shorewall chains # and rules/policies. 
@@ -1303,10 +1303,10 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi case $level in ULOG) - $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" + run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ;; *) - $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix" + run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix" ;; esac diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index ac78d0459..5b5712f51 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -9,6 +9,11 @@ Problems corrected in version 2.2.2 2) If A is a user-defined action and you have file /etc/shorewall/A then when that file is invoked, the $TAG value may be incorrect. +3) If an iptables command that generates a logging rule failed + previously, the Shorewall [re]start was still successful. This error + is now considered fatal and Shorewall will be either restored from + the last save (if any) or it will be stopped. + ----------------------------------------------------------------------- New Features in version 2.2.2
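Review bot: Both new `run_iptables` calls in the `case $level` arms hand `--ulog-prefix "$prefix"` / `--log-prefix "$prefix"` to a wrapper defined outside this hunk, so the quoting only holds if that wrapper re-expands its arguments as `"$@"`. If it instead runs `$IPTABLES $@` unquoted (worth confirming against its definition), a prefix containing whitespace would be split into separate words. Because a failed logging rule is now fatal, that would stop the firewall or restore the last save, where previously the start succeeded without the log rule. I would confirm the wrapper's quoting and add a comment above the `case`, e.g. `# run_iptables must forward "$prefix" as a single word; a prefix containing spaces fails the start otherwise`. The body of log_rule_limit starts and ends outside the hunk, so how `$prefix` is built is not visible here.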