From 60aec9802d3441f188a0ac8a7fa70258ce9d99c8 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 8 Nov 2006 00:16:30 +0000 Subject: [PATCH] Fix whitespace in LOGFORMAT git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4808 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 ++ Shorewall/compiler | 36 +++++++++++++++++++++++++++++++++++- Shorewall/lib.base | 16 +++++++++------- Shorewall/prog.footer | 4 ++-- Shorewall/releasenotes.txt | 3 +++ 5 files changed, 51 insertions(+), 10 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 66ce49d20..ab9965096 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -13,6 +13,8 @@ Changes in 3.3.4 6) Move config file documentary comments to a separate file. +7) Fix whitespace in LOGFORMAT. + Changes in 3.3.4 1) Make exclusion work with "show zones" diff --git a/Shorewall/compiler b/Shorewall/compiler index b2d2a8d3b..26a4eeb33 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -690,6 +690,40 @@ disable_critical_hosts() done } +# +# Logging Rules +# +log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule +{ + local level=$1 + local chain=$2 + local displayChain=$3 + local disposition=$4 + local rulenum= + local limit= + local tag=${6:+$6 } + local command=${7:--A} + local prefix + local base=$(chain_base $displayChain) + + limit="${5:-$LOGLIMIT}" # Do this here rather than in the declaration above to appease /bin/ash. + + shift 7 + + save_command "do_log_rule_limit \"$level\" \"$chain\" \"$displayChain\" \"$disposition\" \"$limit\" \"$tag\" \"$command\" $@" +} + +log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule +{ + local level=$1 + local chain=$2 + local disposition=$3 + + shift 3 + + log_rule_limit $level $chain $chain $disposition "$LOGLIMIT" "" -A $@ +} + # # Set up SYN flood protection # @@ -3515,7 +3549,7 @@ ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | sed 's/inet.*b __EOF__ [ -n "$SMURF_LOG_LEVEL" ] && \ indent >&3 << __EOF__ - log_rule $SMURF_LOG_LEVEL smurfs DROP -s \$address + do_log_rule $SMURF_LOG_LEVEL smurfs DROP -s \$address __EOF__ indent >&3 << __EOF__ run_iptables -A smurfs -s \$address -j DROP diff --git a/Shorewall/lib.base b/Shorewall/lib.base index b2b9f09f3..c53e7716e 100644 --- a/Shorewall/lib.base +++ b/Shorewall/lib.base @@ -554,6 +554,10 @@ chain_base() #$1 = interface while true; do case $c in + @*) + c=at_${c#@} + ;; + *.*) c="${c%.*}_${c##*.}" ;; @@ -1187,7 +1191,7 @@ disable_ipv6() { # # Add a logging rule. # -log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule +do_log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = disposition , $5 = rate limit $6=log tag $7=command $... = predicates for the rule { local level=$1 local chain=$2 @@ -1227,14 +1231,12 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi error_message "WARNING: Log Prefix shortened to \"$prefix\"" fi - [ "$PROGRAM" = compiler ] && prefix="\"$prefix\"" - case $level in ULOG) - run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" + $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ;; *) - run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix" + $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix" ;; esac @@ -1243,7 +1245,7 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi fi } -log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule +do_log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates for the rule { local level=$1 local chain=$2 @@ -1251,7 +1253,7 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo shift 3 - log_rule_limit $level $chain $chain $disposition "$LOGLIMIT" "" -A $@ + do_log_rule_limit $level $chain $chain $disposition "$LOGLIMIT" "" -A $@ } delete_tc1() diff --git a/Shorewall/prog.footer b/Shorewall/prog.footer index e338337b6..ba59d492c 100644 --- a/Shorewall/prog.footer +++ b/Shorewall/prog.footer @@ -8,8 +8,6 @@ usage() { ################################################################################ # E X E C U T I O N B E G I N S H E R E # ################################################################################ -initialize - # # Start trace if first arg is "debug" or "trace" # @@ -18,6 +16,8 @@ if [ $# -gt 1 ] && [ "x$1" = "xdebug" -o "x$1" = "xtrace" ]; then shift fi +initialize + finished=0 while [ $finished -eq 0 -a $# -gt 0 ]; do diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index b1519c0bb..89d11a148 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -40,6 +40,9 @@ Problems Corrected in 3.3.5 2) Previously, restoration of routing was ignoring the "-n" option. Now such restoration only occurs if "-n" was not specified. +3) Previously, a startup error resulted when white space was included + in LOGFORMAT. + Other Changes in 3.3.5. 1) Shorewall no longer includes policy matches in its generated