Add undocumented LOGMARK log level

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9851 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2009-04-12 15:22:19 +00:00
parent 347090da6e
commit ade958dd51
3 changed files with 21 additions and 4 deletions


@ -1968,6 +1968,9 @@ sub log_rule_limit( $$$$$$$$ ) {
$prefix = "-j $level --ulog-prefix \"$prefix\" "; $prefix = "-j $level --ulog-prefix \"$prefix\" ";
} elsif ( $level =~ /^NFLOG/ ) { } elsif ( $level =~ /^NFLOG/ ) {
$prefix = "-j $level --nflog-prefix \"$prefix\" "; $prefix = "-j $level --nflog-prefix \"$prefix\" ";
} elsif ( $level =~ '^LOGMARK' ) {
$prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;
$prefix = "-j LOGMARK --log-level $level --log-prefix \"$prefix\" ";
} else { } else {
$prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" "; $prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
} }
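Review bot: In the new LOGMARK branch, `--log-level $level` is fed the same string that just matched `^LOGMARK`, so the generated rule would carry `--log-level LOGMARK` rather than a syslog level; this assumes `$level` arrives here as the value validate_level returns, which the other file section on this page shows to be the literal 'LOGMARK'. Until a level syntax exists for this target, consider `$prefix = "-j LOGMARK --log-prefix \"$prefix\" ";` and confirm that the target accepts a rule without `--log-level`. The pattern is also written as a quoted string where the sibling branches use a regex literal; `} elsif ( $level =~ /^LOGMARK/ ) {` would match them. The 12/13 truncation limits deserve a one-line comment saying where the limit comes from, and log_rule_limit's body continues outside the hunk.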


@ -235,6 +235,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
CONNLIMIT_MATCH => 'Connlimit Match', CONNLIMIT_MATCH => 'Connlimit Match',
TIME_MATCH => 'Time Match', TIME_MATCH => 'Time Match',
GOTO_TARGET => 'Goto Support', GOTO_TARGET => 'Goto Support',
LOGMARK_TARGET => 'LOGMARK Target',
CAPVERSION => 'Capability Version', CAPVERSION => 'Capability Version',
); );
# #
@ -322,7 +323,7 @@ sub initialize( $ ) {
EXPORT => 0, EXPORT => 0,
UNTRACKED => 0, UNTRACKED => 0,
VERSION => "4.3.9", VERSION => "4.3.9",
CAPVERSION => 40205 , CAPVERSION => 40309 ,
); );
# #
@ -450,7 +451,8 @@ sub initialize( $ ) {
PANIC => 0, PANIC => 0,
NONE => '', NONE => '',
ULOG => 'ULOG', ULOG => 'ULOG',
NFLOG => 'NFLOG'); NFLOG => 'NFLOG',
LOGMARK => 'LOGMARK' );
} else { } else {
$globals{SHAREDIR} = '/usr/share/shorewall6'; $globals{SHAREDIR} = '/usr/share/shorewall6';
$globals{CONFDIR} = '/etc/shorewall6'; $globals{CONFDIR} = '/etc/shorewall6';
@ -549,7 +551,8 @@ sub initialize( $ ) {
EMERG => 0, EMERG => 0,
PANIC => 0, PANIC => 0,
NONE => '', NONE => '',
NFLOG => 'NFLOG'); NFLOG => 'NFLOG',
LOGMARK => 'LOGMARK' );
} }
# #
# From parsing the capabilities file # From parsing the capabilities file
@ -594,6 +597,7 @@ sub initialize( $ ) {
CONNLIMIT_MATCH => undef, CONNLIMIT_MATCH => undef,
TIME_MATCH => undef, TIME_MATCH => undef,
GOTO_TARGET => undef, GOTO_TARGET => undef,
LOGMARK_TARGET => undef,
CAPVERSION => undef, CAPVERSION => undef,
); );
# #
@ -1684,6 +1688,11 @@ sub validate_level( $ ) {
return $rawlevel; return $rawlevel;
} }
if ( $level eq 'LOGMARK' ) {
require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
return 'LOGMARK';
}
level_error( $rawlevel ); level_error( $rawlevel );
} }
@ -1960,6 +1969,7 @@ sub determine_capabilities( $ ) {
$capabilities{CONNLIMIT_MATCH} = qt1( "$iptables -A $sillyname -m connlimit --connlimit-above 8" ); $capabilities{CONNLIMIT_MATCH} = qt1( "$iptables -A $sillyname -m connlimit --connlimit-above 8" );
$capabilities{TIME_MATCH} = qt1( "$iptables -A $sillyname -m time --timestart 11:00" ); $capabilities{TIME_MATCH} = qt1( "$iptables -A $sillyname -m time --timestart 11:00" );
$capabilities{GOTO_TARGET} = qt1( "$iptables -A $sillyname -g $sillyname1" ); $capabilities{GOTO_TARGET} = qt1( "$iptables -A $sillyname -g $sillyname1" );
$capabilities{LOGMARK_TARGET} = qt1( "$iptables -A $sillyname -j LOGMARK" );
qt1( "$iptables -F $sillyname" ); qt1( "$iptables -F $sillyname" );
qt1( "$iptables -X $sillyname" ); qt1( "$iptables -X $sillyname" );
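Review bot: The capability check added to validate_level (`require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' )`) may never run, because the same commit also adds `LOGMARK => 'LOGMARK'` to both level tables in initialize. If validate_level looks a level up in that table before reaching the new `$level eq 'LOGMARK'` test (its opening lines are outside the hunk, so this is inferred), LOGMARK is accepted on a system whose iptables lacks the target, and the failure moves from compile time to ruleset load. Either drop the two table entries so the new branch is the only path, or put the `require_capability` call ahead of the table lookup. A short comment on the branch noting that LOGMARK is deliberately undocumented would also help the next reader.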


@ -30,7 +30,7 @@
# #
SHOREWALL_LIBVERSION=40000 SHOREWALL_LIBVERSION=40000
SHOREWALL_CAPVERSION=40205 SHOREWALL_CAPVERSION=40309
[ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
@ -1082,6 +1082,7 @@ determine_capabilities() {
CONNLIMIT_MATCH= CONNLIMIT_MATCH=
TIME_MATCH= TIME_MATCH=
GOTO_TARGET= GOTO_TARGET=
LOGMARK_TARGET=
chain=fooX$$ chain=fooX$$
@ -1204,6 +1205,7 @@ determine_capabilities() {
qt $IPTABLES -A $chain -m connlimit --connlimit-above 8 -j DROP && CONNLIMIT_MATCH=Yes qt $IPTABLES -A $chain -m connlimit --connlimit-above 8 -j DROP && CONNLIMIT_MATCH=Yes
qt $IPTABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes qt $IPTABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes
qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes
qt $IPTABLES -A $chain -j LOGMARK && LOGMARK_TARGET=Yes
qt $IPTABLES -F $chain qt $IPTABLES -F $chain
qt $IPTABLES -X $chain qt $IPTABLES -X $chain
@ -1267,6 +1269,7 @@ report_capabilities() {
report_capability "Connlimit Match" $CONNLIMIT_MATCH report_capability "Connlimit Match" $CONNLIMIT_MATCH
report_capability "Time Match" $TIME_MATCH report_capability "Time Match" $TIME_MATCH
report_capability "Goto Support" $GOTO_TARGET report_capability "Goto Support" $GOTO_TARGET
report_capability "LOGMARK Target" $LOGMARK_TARGET
fi fi
[ -n "$PKTTYPE" ] || USEPKTTYPE= [ -n "$PKTTYPE" ] || USEPKTTYPE=
@ -1321,6 +1324,7 @@ report_capabilities1() {
report_capability1 CONNLIMIT_MATCH report_capability1 CONNLIMIT_MATCH
report_capability1 TIME_MATCH report_capability1 TIME_MATCH
report_capability1 GOTO_TARGET report_capability1 GOTO_TARGET
report_capability1 LOGMARK_TARGET
echo CAPVERSION=$SHOREWALL_CAPVERSION echo CAPVERSION=$SHOREWALL_CAPVERSION
} }