Add support for NFLOG

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7689 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-11-18 18:05:08 +00:00
parent c3cd826cb2
commit 8cae1a45d0
3 changed files with 38 additions and 4 deletions


@ -1420,8 +1420,10 @@ sub log_rule_limit( $$$$$$$$ ) {
warning_message "Log Prefix shortened to \"$prefix\""; warning_message "Log Prefix shortened to \"$prefix\"";
} }
if ( $level eq 'ULOG' ) { if ( $level =~ '^ULOG' ) {
$prefix = "-j ULOG $globals{LOGPARMS}--ulog-prefix \"$prefix\" "; $prefix = "-j $level --ulog-prefix \"$prefix\" ";
} elsif ( $level =~ /^NFLOG/ ) {
$prefix = "-j $level --nflog-prefix \"$prefix\" ";
} else { } else {
$prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" "; $prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
} }
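Review bot: The ULOG test is written as `$level =~ '^ULOG'` while the new NFLOG branch uses `/^NFLOG/`; a quoted string works as a pattern but reads like a string comparison, so `if ( $level =~ /^ULOG/ ) {` would be clearer and consistent. Both branches now splice `$level` verbatim after `-j`, so the rule text is only as well-formed as the value the caller passes; a one-line comment such as `# $level must already have been through validate_level()` would record that dependency. The body of log_rule_limit starts and ends outside this hunk, so whether every caller validates first cannot be confirmed here.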


@ -1159,7 +1159,8 @@ my %validlevels = ( debug => 7,
emerg => 0, emerg => 0,
panic => 0, panic => 0,
none => '', none => '',
ULOG => 'ULOG' ); ULOG => 'ULOG',
NFLOG => 'NFLOG');
# #
# Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate" # Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate"
@ -1172,6 +1173,37 @@ sub validate_level( $ ) {
my $value = $validlevels{$level}; my $value = $validlevels{$level};
return $value if defined $value; return $value if defined $value;
return $level if $level =~ /^[0-7]$/; return $level if $level =~ /^[0-7]$/;
if ( $level =~ /^NFLOG[(](.*)[)]$/ ) {
my @options = split /,/, $1;
$level = 'NFLOG';
$level .= " --nflog-group $options[0]" if defined $options[0] && $options[0] ne '';
$level .= " --nflog-range $options[1]" if defined $options[1] && $options[1] ne '';
$level .= " --nflog-threshhold $options[2]" if defined $options[2] && $options[2] ne '';
return $level;
}
if ( $level =~ /^NFLOG --/ ) {
return $level;
}
if ( $level =~ /^ULOG[(](.*)[)]$/ ) {
my @options = split /,/, $1;
$level = 'ULOG';
$level .= " --ulog-group $options[0]" if defined $options[0] && $options[0] ne '';
$level .= " --ulog-range $options[1]" if defined $options[1] && $options[1] ne '';
$level .= " --ulog-threshhold $options[2]" if defined $options[2] && $options[2] ne '';
return $level;
}
if ( $level =~ /^ULOG --/ ) {
return $level;
}
fatal_error "Invalid log level ($level)"; fatal_error "Invalid log level ($level)";
} }
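Review bot: The option text captured by `/^NFLOG[(](.*)[)]$/` and `/^ULOG[(](.*)[)]$/` is split on commas and appended to the level with no check, and the `/^NFLOG --/` and `/^ULOG --/` branches return the whole string as-is, so whatever a configuration file puts there ends up in the generated `-j` clause. Restricting the capture to numeric fields, e.g. `if ( $level =~ /^NFLOG[(](\d*(?:,\d*){0,2})[)]$/ ) {` (and the same for ULOG), would make a typo fail with `Invalid log level` at compile time instead of producing a malformed rule. The pass-through branches look like they exist so an already-expanded level can be validated a second time; if so, they should accept only that same fixed shape rather than any suffix. Separately, the emitted option names do not match iptables: NFLOG takes `--nflog-threshold`, and ULOG takes `--ulog-nlgroup`, `--ulog-cprange` and `--ulog-qthreshold`.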


@ -590,7 +590,7 @@ sub add_common_rules() {
my $savelogparms = $globals{LOGPARMS}; my $savelogparms = $globals{LOGPARMS};
$globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options " unless $config{TCP_FLAGS_LOG_LEVEL} eq 'ULOG'; $globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options ";
log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, ''; log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';