diff --git a/Shorewall/firewall b/Shorewall/firewall index 30c978456..93d731585 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -916,26 +916,41 @@ log_rule() # $1 = log level, $2 = chain, $3 = disposition , $... = predicates fo shift;shift;shift - eval rulenum=\$${chain}_logrules + if [ -n "$LOGRULENUMBERS" ]; then + eval rulenum=\$${chain}_logrules - [ -z "$rulenum" ] && rulenum=1 + [ -z "$rulenum" ] && rulenum=1 - case $level in - ULOG) - eval iptables -A $chain $@ -j ULOG $LOGPARMS --ulog-prefix '"`printf "$LOGFORMAT" $chain $rulenum $disposition`"' - ;; - *) - eval iptables -A $chain $@ -j LOG $LOGPARMS --log-prefix '"`printf "$LOGFORMAT" $chain $rulenum $disposition`"' - ;; - esac + case $level in + ULOG) + eval iptables -A $chain $@ -j ULOG $LOGPARMS --ulog-prefix '"`printf "$LOGFORMAT" $chain $rulenum $disposition`"' + ;; + *) + eval iptables -A $chain $@ -j LOG $LOGPARMS --log-prefix '"`printf "$LOGFORMAT" $chain $rulenum $disposition`"' + ;; + esac + + if [ $? -ne 0 ] ; then + [ -z "$stopping" ] && { stop_firewall; exit 2; } + fi - if [ $? -ne 0 ] ; then - [ -z "$stopping" ] && { stop_firewall; exit 2; } + rulenum=$(($rulenum + 1)) + + eval ${chain}_logrules=$rulenum + else + case $level in + ULOG) + eval iptables -A $chain $@ -j ULOG $LOGPARMS --ulog-prefix '"`printf "$LOGFORMAT" $chain $disposition`"' + ;; + *) + eval iptables -A $chain $@ -j LOG $LOGPARMS --log-prefix '"`printf "$LOGFORMAT" $chain $disposition`"' + ;; + esac + + if [ $? -ne 0 ] ; then + [ -z "$stopping" ] && { stop_firewall; exit 2; } + fi fi - - rulenum=$(($rulenum + 1)) - - eval ${chain}_logrules=$rulenum } # @@ -4339,6 +4354,7 @@ do_initialize() { FUNCTIONS= VERSION_FILE= LOGFORMAT= + LOGRULENUMBERS= stopping= have_mutex= 
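Review bot: The two branches added to log_rule repeat the whole `case $level` block and the `$?` check, differing only in whether `$rulenum` is passed to `printf`, so a later change to the LOG/ULOG command line can land in one copy and leave the other generating different rules. The prefix expression is expanded unquoted inside the `eval`, so an empty `rulenum` drops out of the argument list. Setting `rulenum=` when LOGRULENUMBERS is empty therefore lets one copy of the case block serve both formats, with the counter update guarded by the same test. log_rule starts above this hunk, so whether `rulenum` is declared local there is not visible here.

```shell
if [ -n "$LOGRULENUMBERS" ]; then
    eval rulenum=\$${chain}_logrules
    [ -z "$rulenum" ] && rulenum=1
else
    # Empty and expanded unquoted inside the eval, so printf only
    # receives the chain and the disposition.
    rulenum=
fi

# … unchanged: a single case $level block passing $chain $rulenum $disposition to printf …
# … unchanged: the $? check that calls stop_firewall …

if [ -n "$LOGRULENUMBERS" ]; then
    eval ${chain}_logrules=$(($rulenum + 1))
fi
```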
@@ -4464,13 +4480,14 @@ do_initialize() { else CLEAR_TC= fi - + if [ -n "$LOGFORMAT" ]; then if ! qt printf "$LOGFORMAT" foo 1 bar ; then startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" fi + [ -n "`echo $LOGFORMAT | grep '%d'`" ] && LOGRULENUMBERS=Yes else - LOGFORMAT="Shorewall:%s:%d:%s:" + LOGFORMAT="Shorewall:%s:%s:" fi # # Strip the files that we use often diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index b21788279..3bc30551e 100755 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -59,16 +59,18 @@ LOGFILE=/var/log/messages # # Shell 'printf' Formatting template for the --log-prefix value in log messages # generated by Shorewall to identify Shorewall log messages. The supplied -# template is expected to accept three arguments; the first is the chain name, -# the second is the logging rule number within that chain and the third is the -# ACTION specifying the disposition of the packet being logged. +# template is expected to accept either two or three arguments; the first is +# the chain name, the second (optional) is the logging rule number within that +# chain and the third is the ACTION specifying the disposition of the packet +# being logged. You must use the %d formatting type for the rule number; if your +# template does not contain %d then the rule number will not be included. # # If you want to integrate Shorewall with fireparse, then set LOGFORMAT as: # # LOGFORMAT="fp=%s:%d a=%s " # # If not specified or specified as empty (LOGFORMAT="") then the value -# "Shorewall:%s:%d:%s:" is assumed. +# "Shorewall:%s:%s:" is assumed. # # CAUTION: /sbin/shorewall uses the leading part of the LOGFORMAT string (up # to but not including the first '%') to find log messages in the 'show log', 
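Review bot: The `%d` test added in do_initialize expands `$LOGFORMAT` unquoted into `echo`, so the template is word-split and glob-expanded before grep sees it, and a pipeline is spawned for what is a substring match; `case "$LOGFORMAT" in *%d*) LOGRULENUMBERS=Yes ;; esac` performs the same check without either. The validation just above still calls `printf "$LOGFORMAT" foo 1 bar`, so a template without `%d` is never exercised with the two arguments log_rule will pass; running the detection first and validating with `foo bar` in that case would test the call that is actually made. A literal `%%d` in the template also matches and would turn on rule numbering for a format that consumes no number. do_initialize begins and ends outside this hunk.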
@@ -76,7 +78,7 @@ LOGFILE=/var/log/messages # LOGFORMAT should not begin with "%") and the leading part should be # sufficiently unique for /sbin/shorewall to identify Shorewall messages. -LOGFORMAT="Shorewall:%s:%d:%s:" +LOGFORMAT="Shorewall:%s:%s:" # # LOG RATE LIMITING diff --git a/Shorewall/zones b/Shorewall/zones index e9b882473..5f9289da8 100644 --- a/Shorewall/zones +++ b/Shorewall/zones @@ -3,7 +3,7 @@ # # This file determines your network zones. Columns are: # -# ZONE Short name of the zone +# ZONE Short name of the zone (4 Characters or less in length). # DISPLAY Display name of the zone # COMMENTS Comments about the zone #