Allow the log tag to act as a generalized parameter to an action extension script

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2583 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-29 20:32:16 +00:00
parent 433d4303ca
commit b258f29d56
3 changed files with 34 additions and 4 deletions

@ -17,6 +17,8 @@ Changes in 2.5.3
8) Fixed tunnels/rules interaction problems.
9) Provide hack for passing arguments to action extension scripts.
Changes in 2.5.2
1) Allow port lists in /etc/sorewall/accounting.

@ -4015,7 +4015,6 @@ process_action() # $1 = chain (Chain to add the rules to)
case $loglevel in
none*)
loglevel=
logtag=
[ $target = LOG ] && return
;;
esac
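Review bot: In the `none*)` branch, `loglevel` is cleared but `logtag` is now left set, so the rest of process_action runs with a tag and no level, and nothing in the branch says this is intentional. The code after this hunk is not shown here, so it should be checked that nothing there treats a non-empty `logtag` as a sign that logging is on. A one-line comment in the branch stating that the tag is kept as an extension-script parameter would stop a later cleanup from restoring `logtag=`.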
@ -4195,6 +4194,9 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
else
TAG=
fi
[ none = "${LEVEL%\!}" ] && LEVEL=
run_user_exit $1
fi
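Review bot: The new test `[ none = "${LEVEL%\!}" ] && LEVEL=` accepts only the exact values `none` and `none!`, while process_action and process_rule in this same patch match `none*)`, so a level that merely begins with "none" is cleared there but reaches the extension script unchanged here. Use the same match in both places. The function header comment `$2 = Log Level [: Log Tag ]` should also say that LEVEL is empty when the level is 'none', since extension scripts will now depend on that.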
@ -4277,7 +4279,7 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
*:*:*)
case $2 in
'none!')
echo ${subordinate%%:*}:'none!'
echo ${subordinate%%:*}:'none!':$3
return
;;
*'!')
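Review bot: `echo ${subordinate%%:*}:'none!':$3` expands `$3` unquoted, and with this commit the tag becomes free-form text chosen by whoever writes the rule, so a tag containing whitespace or a glob character such as `*` is split or filename-expanded by the shell before it is printed. Quote the whole argument, for example `echo "${subordinate%%:*}:none!:$3"`.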
@ -4286,10 +4288,14 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
;;
*)
case $subordinate in
*:*)
*:*:*)
echo $subordinate
return
;;
*:*)
echo $subordinate:$3
return
;;
*)
echo ${subordinate%%:*}:$2:$3
return
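Review bot: In the new `*:*)` branch, `echo $subordinate:$3` prints a trailing colon whenever `$3` is empty, giving a result of the form `action:level:`, and the existing `*)` branch below does the same. Either confirm that every caller accepts an empty third field or append the tag conditionally with `${3:+:$3}`. A short comment that `*:*:*)` must stay ahead of `*:*)` would also help, because the two-field pattern matches three-field values as well.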
@ -5384,7 +5390,6 @@ process_rule() # $1 = target
case $loglevel in
none*)
loglevel=
logtag=
[ $target = LOG ] && return
;;
esac
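Review bot: The `case $loglevel in none*)` block here is line for line the same as the one in process_action, and this patch has to make the identical edit in both. Moving the block into one shared helper, with the `[ $target = LOG ]` check reported through its return status, would keep the two copies from drifting apart the next time the 'none' handling changes.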

@ -83,6 +83,29 @@ New Features in Shorewall 2.5.3
the rules file. It is recommended that rules specifying 'ipp2p'
only be included in the ESTABLISHED section of the file.
7) Shorewall actions lack a generalized way to pass parameters to an
extension script associated with an action. To work around this
lack, some users have used the log tag as a parameter. This works
but requires that a log level other than 'none' be specified when
the action is invoked. Beginning with this release, you can invoke
an action with 'none'.
Example:
#ACTION SOURCE DEST
A:none:these,are,parameters fw net
When /etc/shorewall/A is invoked, the LEVEL variable will be empty
but the TAG variable will contain "these,are,parameters" which
can be easily parsed to isolate "these", "are" and "parameters":
ifs=$IFS
IFS=,
set -- $TAG
IFS=$ifs
Now, $1 = these, $2 = are and $3 = parameters
Problems Corrected in 2.5.2:
1) You may now include port lists in in the /etc/shorewall/accounting
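Review bot: The documented parsing snippet uses `set -- $TAG` with `$TAG` unquoted, so after the split on commas each field still undergoes pathname expansion, and a parameter such as `*` would be replaced by file names from the script's working directory. The release note should show `set -f` before `set -- $TAG` and `set +f` after `IFS=$ifs`. The text also mentions only 'none', while createlogactionchain in this patch strips a trailing `!` before comparing, so 'none!' should be listed as accepted too.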