extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 03:59:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update Articles

Browse Source 
-Fix typo in Shorewall-5
-Add tag info in the logging article
This commit is contained in:
Tom Eastep 2015-09-09 15:31:47 -07:00
parent 7be4190e4c
commit 5ce10a633b
2 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Shorewall-5.xml
View File

@ -347,7 +347,7 @@
<section> <section>
<title>Upgrading to Shorewall 5</title> <title>Upgrading to Shorewall 5</title>
<para>It is stongly recommended that you first upgrade your installation <para>It is strongly recommended that you first upgrade your installation
to a 4.6 release that supports the <option>-A</option> option to the to a 4.6 release that supports the <option>-A</option> option to the
<command>update</command> command; 4.6.13 is preferred.</para> <command>update</command> command; 4.6.13 is preferred.</para>

46
docs/shorewall_logging.xml
View File

@ -316,7 +316,12 @@ gateway:/etc/shorewall# </programl
<para><filename>/etc/shorewall/rules</filename>:<programlisting>#ACTION SOURCE DEST PROTO DEST <para><filename>/etc/shorewall/rules</filename>:<programlisting>#ACTION SOURCE DEST PROTO DEST
# PORT(S) # PORT(S)
ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080 </programlisting></para> ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080 </programlisting><important>
<para>Shorewall considers <emphasis role="bold">ULOG(...)</emphasis>
and <emphasis role="bold">NFLOG(...)</emphasis> to be <emphasis
role="bold">log levels</emphasis>, just like info, debug, etc. even
though they are not defined by syslog.</para>
</important></para>
</section> </section>
</section> </section>
@ -411,4 +416,43 @@ ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080 </programlis
<para>For Shorewall-specific information, see <ulink <para>For Shorewall-specific information, see <ulink
url="FAQ.htm#faq17">FAQ #17</ulink>.</para> url="FAQ.htm#faq17">FAQ #17</ulink>.</para>
</section> </section>
<section>
<title>Customizing the Content of Shorewall Log Messages</title>
<para>In addition to the <link linkend="Levels">options</link> mentioned
above, a certain amount of customization of the Netfilter-generated
messages is allowed.</para>
<section id="LogTags">
<title>Log Tags</title>
<para>In a Shorewall logging rule, the log level can be followed by
a<firstterm> log tag</firstterm> as in "DROP:NFLOG:junk". The generated
log message will include "<emphasis>chain-name</emphasis> junk
DROP".</para>
</section>
<section>
<title>LOGTAGONLY</title>
<para>By setting the LOGTAGONLY option to Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> or <ulink
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink>, the
disposition ('DROP' in the above example) will be omitted. See the
shorewall[6].conf man page for further information about how
LOGTAGONLY=Yes can be used.</para>
</section>
<section>
<title>Log Levels in shorewall[6].conf</title>
<para><ulink
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and <ulink
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink> have a
number of options whose values are log levels. Beginnint with Shorewall
5.0.0, these specifcations may include a log tag as described <link
linkend="LogTags">above</link>.</para>
</section>
</section>
</article> </article>