diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 6a6e66e88..b3c9797c7 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3934,7 +3934,7 @@ sub log_rule_limit( $$$$$$$$ ) {
$prefix = "-j $level --nflog-prefix \"$prefix\" ";
} elsif ( $level =~ '^LOGMARK' ) {
$prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;
- $prefix = "-j LOGMARK --log-level $level --log-prefix \"$prefix\" ";
+ $prefix = "-j $level --log-prefix \"$prefix\" ";
} else {
$prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
}
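Review bot: The LOGMARK branch now writes `$level` verbatim into the rule as the jump target and its options, yet the guard is only the prefix match `$level =~ '^LOGMARK'`. The generated rule text is therefore only as strict as whatever validate_level() returned, and any string that merely begins with LOGMARK is emitted unchanged. I would match the normalized form explicitly, `} elsif ( $level =~ /^LOGMARK --log-level [0-7]$/ ) {`. If other forms are expected here, at least add `# $level is the "LOGMARK --log-level N" string produced by validate_level(); it is emitted as-is`. log_rule_limit begins and ends outside this hunk, so whether any caller reaches it without going through validate_level is not visible here.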
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 1b235e381..2eb91587f 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -2132,10 +2132,21 @@ sub validate_level( $ ) {
return $rawlevel;
}
- if ( $level eq 'LOGMARK' ) {
+ if ( $level =~ /^LOGMARK --/ ) {
+ require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
+ return $rawlevel;
+ }
+
+ if ( $level =~ /LOGMARK[(](.*)[)]$/ ) {
+ my $sublevel = $1;
+
+ $sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/;
+
+ level_error( $level ) unless defined $sublevel =~ /^[0-7]$/;
+
require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' );
require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
- return 'LOGMARK';
+ return "LOGMARK --log-level $sublevel";
}
level_error( $rawlevel );
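Review bot: The range check `level_error( $level ) unless defined $sublevel =~ /^[0-7]$/;` can never fire, because `=~` binds tighter than the named unary `defined`, so Perl evaluates `defined( $sublevel =~ /.../ )` and a match result is always defined. A `LOGMARK(...)` argument that is absent from `%validlevels`, or that maps to something outside 0-7, therefore appears to fall through to the `return` and reach the generated `--log-level` text (with an undef-interpolation warning at best). I would write `level_error( $level ) unless defined $sublevel && $sublevel =~ /^[0-7]$/;` and anchor the pattern as `/^LOGMARK[(](.*)[)]$/`, since the current one also accepts any string that merely ends in `LOGMARK(...)`. Separately, the `/^LOGMARK --/` branch returns `$rawlevel` without checking what follows the prefix and without requiring `LOGMARK_TARGET`. If it exists only to re-accept already normalized levels, `/^LOGMARK --log-level [0-7]$/` would say so; validate_level starts above the hunk, so how `$level` is derived from `$rawlevel` is not visible here.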
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index e060156ef..44858c9ea 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -72,7 +72,19 @@
from http://www.netfilter.org/projects/ulogd/index.html
and can be configured to log all Shorewall messages to their own log
- file
+ file.
+
+ Beginning with Shorewall 4.4.22, LOGMARK is also a valid level which
+ logs the packet's mark value along with the other usual information. The
+ syntax is:
+
+
+ LOGMARK(priority)
+
+
+ where priority is one of the levels
+ listed in the list above.
The following options may be set in shorewall.conf.