Add LOG_LEVEL option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-25 00:53:49 +01:00 · 2017-02-12 09:52:55 -08:00 · 2017-02-12 09:52:55 -08:00 · 735919d8d3
commit 735919d8d3
parent b4561e97c8
31 changed files with 106 additions and 74 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -792,6 +792,7 @@ sub initialize( $;$$) {
 	  INVALID_LOG_LEVEL => undef,
 	  UNTRACKED_LOG_LEVEL => undef,
 	  LOG_BACKEND => undef,
+	  LOG_LEVEL => undef,
 	  #
 	  # Location of Files
 	  #
@ -6474,6 +6475,7 @@ sub get_configuration( $$$$ ) {
    default_log_level 'RELATED_LOG_LEVEL',    '';
    default_log_level 'INVALID_LOG_LEVEL',    '';
    default_log_level 'UNTRACKED_LOG_LEVEL',  '';
+    default_log_level 'LOG_LEVEL',            'info';

    if ( supplied( $val = $config{LOG_BACKEND} ) ) {
 	if ( $family == F_IPV4 && $val eq 'ULOG' ) {
--- a/Shorewall/Samples/Universal/params
+++ b/Shorewall/Samples/Universal/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall/Samples/Universal/policy
+++ b/Shorewall/Samples/Universal/policy
@ -10,4 +10,4 @@
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
 $FW	net	ACCEPT
-net	all	DROP		$LOG
+net	all	DROP		$LOG_LEVEL
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@ -33,6 +33,8 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -53,19 +55,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL

-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL

-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL

 UNTRACKED_LOG_LEVEL=

@ -108,7 +110,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="Broadcast(DROP)"
 NFQUEUE_DEFAULT="none"
 QUEUE_DEFAULT="none"
--- a/Shorewall/Samples/one-interface/params
+++ b/Shorewall/Samples/one-interface/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall/Samples/one-interface/policy
+++ b/Shorewall/Samples/one-interface/policy
@ -13,6 +13,6 @@
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
 $FW		net		ACCEPT
-net		all		DROP		$LOG
+net		all		DROP		$LOG_LEVEL
 # The FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		$LOG
+all		all		REJECT		$LOG_LEVEL
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -44,6 +44,8 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -64,19 +66,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL="$LOG"
+MACLIST_LOG_LEVEL="$LOG_LEVEL"

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL="$LOG"
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"

-SFILTER_LOG_LEVEL="$LOG"
+SFILTER_LOG_LEVEL="$LOG_LEVEL"

-SMURF_LOG_LEVEL="$LOG"
+SMURF_LOG_LEVEL="$LOG_LEVEL"

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL="$LOG"
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"

 UNTRACKED_LOG_LEVEL=

@ -119,7 +121,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="Broadcast(DROP)"
 NFQUEUE_DEFAULT="none"
 QUEUE_DEFAULT="none"
--- a/Shorewall/Samples/three-interfaces/params
+++ b/Shorewall/Samples/three-interfaces/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall/Samples/three-interfaces/policy
+++ b/Shorewall/Samples/three-interfaces/policy
@ -14,6 +14,6 @@
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

 loc		net		ACCEPT
-net		all		DROP		$LOG
+net		all		DROP		$LOG_LEVEL
 # THE FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		$LOG
+all		all		REJECT		$LOG_LEVEL
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -41,6 +41,8 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -61,19 +63,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL

-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL

-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL

 UNTRACKED_LOG_LEVEL=

@ -116,11 +118,11 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
-DROP_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL"
 NFQUEUE_DEFAULT="none"
 QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Broadcast(DROP),dropInvalid:$LOG"
+REJECT_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL"

 ###############################################################################
 #                        R S H / R C P  C O M M A N D S
--- a/Shorewall/Samples/two-interfaces/params
+++ b/Shorewall/Samples/two-interfaces/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall/Samples/two-interfaces/policy
+++ b/Shorewall/Samples/two-interfaces/policy
@ -14,7 +14,7 @@
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

 loc		net		ACCEPT
-net		all		DROP		$LOG
+net		all		DROP		$LOG_LEVEL
 # THE FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		$LOG
+all		all		REJECT		$LOG_LEVEL

--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -44,6 +44,8 @@ FIREWALL=
 #		                L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -64,19 +66,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL

-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL

-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL

 UNTRACKED_LOG_LEVEL=

@ -119,7 +121,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="Broadcast(DROP)"
 NFQUEUE_DEFAULT="none"
 QUEUE_DEFAULT="none"
--- a/Shorewall/configfiles/params
+++ b/Shorewall/configfiles/params
@ -22,4 +22,3 @@
 #	net	eth0		130.252.100.255	routefilter,norfc1918
 #
 ###############################################################################
-LOG=info # Default Log Level
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -33,6 +33,8 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -53,19 +55,19 @@ LOGTAGONLY=No

 LOGLIMIT="s:1/sec:10"

-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL

-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL

-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL

 STARTUP_LOG=/var/log/shorewall-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL

 UNTRACKED_LOG_LEVEL=

@ -108,7 +110,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),dropNotSyn:$LOG,dropInvalid:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="Broadcast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -1356,6 +1356,20 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.1.2. Beginning with that release, the
+          sample configurations use this as the default log level and changing
+          it will change all packet logging done by the configuration. In any
+          configuration file (except <ulink
+          url="shorewall-params.html">shorewall-params(5)</ulink>), $LOG_LEVEL
+          will expand to this value.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">LOG_MARTIANS=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis
--- a/Shorewall6/Samples6/Universal/params
+++ b/Shorewall6/Samples6/Universal/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall6/Samples6/Universal/policy
+++ b/Shorewall6/Samples6/Universal/policy
@ -10,5 +10,5 @@
 #SOURCE	DEST	POLICY		LOG	LIMIT:		CONNLIMIT:
 #				LEVEL	BURST		MASK
 fw	net	ACCEPT
-net	all	DROP		$LOG
+net	all	DROP		$LOG_LEVEL

--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -34,6 +34,8 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -105,7 +107,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
--- a/Shorewall6/Samples6/one-interface/params
+++ b/Shorewall6/Samples6/one-interface/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall6/Samples6/one-interface/policy
+++ b/Shorewall6/Samples6/one-interface/policy
@ -14,6 +14,6 @@
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
 $FW		net		ACCEPT
-net		all		DROP		$LOG
+net		all		DROP		$LOG_LEVEL
 # The FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		$LOG
+all		all		REJECT		$LOG_LEVEL
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -35,6 +35,8 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -106,7 +108,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
--- a/Shorewall6/Samples6/three-interfaces/params
+++ b/Shorewall6/Samples6/three-interfaces/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall6/Samples6/three-interfaces/policy
+++ b/Shorewall6/Samples6/three-interfaces/policy
@ -14,6 +14,6 @@
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

 loc		net		ACCEPT
-net		all		DROP		$LOG
-all		all		REJECT		$LOG
+net		all		DROP		$LOG_LEVEL
+all		all		REJECT		$LOG_LEVEL

--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -34,6 +34,8 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -105,7 +107,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
--- a/Shorewall6/Samples6/two-interfaces/params
+++ b/Shorewall6/Samples6/two-interfaces/params
@ -11,5 +11,3 @@
 #------------------------------------------------------------------------------------------------------------
 # For information on entries in this file, type "man shorewall-params"
 ######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
--- a/Shorewall6/Samples6/two-interfaces/policy
+++ b/Shorewall6/Samples6/two-interfaces/policy
@ -14,6 +14,6 @@
 #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST

 loc		net		ACCEPT
-net		all		DROP		$LOG
-all		all		REJECT		$LOG
+net		all		DROP		$LOG_LEVEL
+all		all		REJECT		$LOG_LEVEL

--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -34,6 +34,8 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -105,7 +107,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
--- a/Shorewall6/configfiles/params
+++ b/Shorewall6/configfiles/params
@ -21,4 +21,3 @@
 #	net	eth0		-	dhcp,nosmurfs
 #
 ###############################################################################
-LOG=info # Default Log Level
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -34,6 +34,8 @@ FIREWALL=
 #			       L O G G I N G
 ###############################################################################

+LOG_LEVEL=info
+
 BLACKLIST_LOG_LEVEL=

 INVALID_LOG_LEVEL=
@ -52,19 +54,19 @@ LOGLIMIT="s:1/sec:10"

 LOGTAGONLY=No

-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL

 RELATED_LOG_LEVEL=

-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL

-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL

-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL

 STARTUP_LOG=/var/log/shorewall6-init.log

-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL

 UNTRACKED_LOG_LEVEL=

@ -105,7 +107,7 @@ TC=
 ###############################################################################

 ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP)s,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP)s,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -1185,6 +1185,20 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.1.2. Beginning with that release, the
+          sample configurations use this as the default log level and changing
+          it will change all packet logging done by the configuration. In any
+          configuration file (except <ulink
+          url="shorewall6-params.html">shorewall6-params(5)</ulink>),
+          $LOG_LEVEL will expand to this value.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">LOG_VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>