Fix logging NAT rules

This commit is contained in:
Tom Eastep 2009-08-05 12:48:14 -07:00
parent 9ce5887269
commit 70f46c02cc
3 changed files with 9 additions and 2 deletions

View File

@ -2816,7 +2816,7 @@ sub expand_rule( $$$$$$$$$$;$ )
'add',
'' );
add_rule( $chainref, $target );
add_rule( $chainref, $exceptionrule . $target );
} else {
log_rule_limit(
$loglevel ,

View File

@ -2,6 +2,8 @@ Changes in Shorewall 4.4.0
1) Fix 'compile ... -' so that it no longer requires '-v-1'
2) Fix rule generation for logging nat rules with no exclusion.
Changes in Shorewall 4.4.0-RC2
1) Fix capabilities file with Shorewall6.

View File

@ -133,7 +133,12 @@ None.
N E W F E A T U R E S I N 4 . 4 . 0
----------------------------------------------------------------------------
None.
1) Perviously, a nat rule (DNAT, REDIRECT, etc.) with logging
specified could cause invalid iptables input to be generated.
Example of rule:
REDIRECT:ULOG wall 82 tcp 80
----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 4