mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 06:10:42 +01:00
Correctons to LOG_BACKEND implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
580e00dabd
commit
540eff24aa
@ -743,7 +743,7 @@ sub compiler {
|
||||
|
||||
setup_source_routing($family);
|
||||
|
||||
setup_log_backend;
|
||||
setup_log_backend($family);
|
||||
#
|
||||
# Proxy Arp/Ndp
|
||||
#
|
||||
|
@ -5750,7 +5750,7 @@ sub get_configuration( $$$$$ ) {
|
||||
|
||||
if ( defined( $val = $config{LOG_BACKEND} ) ) {
|
||||
if ( $family == F_IPV4 && $val eq 'ULOG' ) {
|
||||
$val = 'xt_ULOG';
|
||||
$val = 'ipt_ULOG';
|
||||
} elsif ( $val eq 'netlink' ) {
|
||||
$val = 'nfnetlink_log';
|
||||
} elsif ( $val eq 'LOG' ) {
|
||||
|
@ -349,17 +349,22 @@ sub setup_interface_proc( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
sub setup_log_backend() {
|
||||
sub setup_log_backend($) {
|
||||
if ( my $setting = $config{LOG_BACKEND} ) {
|
||||
my $file = '/proc/sys/net/netfilter/nf_log';
|
||||
my $family = shift;
|
||||
my $file = '/proc/net/netfilter/nf_log';
|
||||
my $ctl = 'net.netfilter.nf_log.' . ( $family == F_IPV4 ? '2' : '10' );
|
||||
|
||||
emit( "if -f $file; then",
|
||||
" if echo $setting > $file; then",
|
||||
emit( 'progress_message2 "Setting up log backend"',
|
||||
'',
|
||||
"if [ -f $file ]; then",
|
||||
" if sysctl $ctl=$setting; then",
|
||||
" progress_message 'Log Backend set to $setting'",
|
||||
" else",
|
||||
" error_meessage 'WARNING: Unable to set log backend to $setting'",
|
||||
"else",
|
||||
" error_message 'WARNING: $file does not exist - log backend not set",
|
||||
' else',
|
||||
" error_message 'WARNING: Unable to set log backend to $setting'",
|
||||
' fi',
|
||||
'else',
|
||||
" error_message 'WARNING: $file does not exist - log backend not set'",
|
||||
"fi\n" );
|
||||
}
|
||||
}
|
||||
|
@ -382,7 +382,7 @@ ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080 </programlis
|
||||
|
||||
<para>Example - change the IPv4 backend to LOG:</para>
|
||||
|
||||
<programlisting>echo ipt_LOG > /proc/net/netfilter/nf_log.2</programlisting>
|
||||
<programlisting>sysctl net.netfilter.nf_log.2=ipt_LOG</programlisting>
|
||||
|
||||
<para>Beginning with Shorewall 4.6.4, you can configure the backend using
|
||||
the LOG_BACKEND option in <ulink
|
||||
|
Loading…
Reference in New Issue
Block a user