mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-11 16:18:13 +01:00
Add support for NFLOG
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7689 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
c3cd826cb2
commit
8cae1a45d0
@ -1420,8 +1420,10 @@ sub log_rule_limit( $$$$$$$$ ) {
|
|||||||
warning_message "Log Prefix shortened to \"$prefix\"";
|
warning_message "Log Prefix shortened to \"$prefix\"";
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $level eq 'ULOG' ) {
|
if ( $level =~ '^ULOG' ) {
|
||||||
$prefix = "-j ULOG $globals{LOGPARMS}--ulog-prefix \"$prefix\" ";
|
$prefix = "-j $level --ulog-prefix \"$prefix\" ";
|
||||||
|
} elsif ( $level =~ /^NFLOG/ ) {
|
||||||
|
$prefix = "-j $level --nflog-prefix \"$prefix\" ";
|
||||||
} else {
|
} else {
|
||||||
$prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
|
$prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
|
||||||
}
|
}
|
||||||
|
@ -1159,7 +1159,8 @@ my %validlevels = ( debug => 7,
|
|||||||
emerg => 0,
|
emerg => 0,
|
||||||
panic => 0,
|
panic => 0,
|
||||||
none => '',
|
none => '',
|
||||||
ULOG => 'ULOG' );
|
ULOG => 'ULOG',
|
||||||
|
NFLOG => 'NFLOG');
|
||||||
|
|
||||||
#
|
#
|
||||||
# Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate"
|
# Validate a log level -- Drop the trailing '!' and translate to numeric value if appropriate"
|
||||||
@ -1172,6 +1173,37 @@ sub validate_level( $ ) {
|
|||||||
my $value = $validlevels{$level};
|
my $value = $validlevels{$level};
|
||||||
return $value if defined $value;
|
return $value if defined $value;
|
||||||
return $level if $level =~ /^[0-7]$/;
|
return $level if $level =~ /^[0-7]$/;
|
||||||
|
|
||||||
|
if ( $level =~ /^NFLOG[(](.*)[)]$/ ) {
|
||||||
|
my @options = split /,/, $1;
|
||||||
|
|
||||||
|
$level = 'NFLOG';
|
||||||
|
$level .= " --nflog-group $options[0]" if defined $options[0] && $options[0] ne '';
|
||||||
|
$level .= " --nflog-range $options[1]" if defined $options[1] && $options[1] ne '';
|
||||||
|
$level .= " --nflog-threshhold $options[2]" if defined $options[2] && $options[2] ne '';
|
||||||
|
|
||||||
|
return $level;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $level =~ /^NFLOG --/ ) {
|
||||||
|
return $level;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $level =~ /^ULOG[(](.*)[)]$/ ) {
|
||||||
|
my @options = split /,/, $1;
|
||||||
|
|
||||||
|
$level = 'ULOG';
|
||||||
|
$level .= " --ulog-group $options[0]" if defined $options[0] && $options[0] ne '';
|
||||||
|
$level .= " --ulog-range $options[1]" if defined $options[1] && $options[1] ne '';
|
||||||
|
$level .= " --ulog-threshhold $options[2]" if defined $options[2] && $options[2] ne '';
|
||||||
|
|
||||||
|
return $level;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $level =~ /^ULOG --/ ) {
|
||||||
|
return $level;
|
||||||
|
}
|
||||||
|
|
||||||
fatal_error "Invalid log level ($level)";
|
fatal_error "Invalid log level ($level)";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -590,7 +590,7 @@ sub add_common_rules() {
|
|||||||
|
|
||||||
my $savelogparms = $globals{LOGPARMS};
|
my $savelogparms = $globals{LOGPARMS};
|
||||||
|
|
||||||
$globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options " unless $config{TCP_FLAGS_LOG_LEVEL} eq 'ULOG';
|
$globals{LOGPARMS} = "$globals{LOGPARMS}--log-ip-options ";
|
||||||
|
|
||||||
log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';
|
log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user