mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-06 01:36:44 +02:00
Allow the log tag to act as a generalized parameter to an action extension script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2583 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
433d4303ca
commit
b258f29d56
@ -17,6 +17,8 @@ Changes in 2.5.3
|
||||
|
||||
8) Fixed tunnels/rules interaction problems.
|
||||
|
||||
9) Provide hack for passing arguments to action extension scripts.
|
||||
|
||||
Changes in 2.5.2
|
||||
|
||||
1) Allow port lists in /etc/sorewall/accounting.
|
||||
|
@ -4015,7 +4015,6 @@ process_action() # $1 = chain (Chain to add the rules to)
|
||||
case $loglevel in
|
||||
none*)
|
||||
loglevel=
|
||||
logtag=
|
||||
[ $target = LOG ] && return
|
||||
;;
|
||||
esac
|
||||
@ -4195,6 +4194,9 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
|
||||
else
|
||||
TAG=
|
||||
fi
|
||||
|
||||
[ none = "${LEVEL%\!}" ] && LEVEL=
|
||||
|
||||
run_user_exit $1
|
||||
fi
|
||||
|
||||
@ -4277,7 +4279,7 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
|
||||
*:*:*)
|
||||
case $2 in
|
||||
'none!')
|
||||
echo ${subordinate%%:*}:'none!'
|
||||
echo ${subordinate%%:*}:'none!':$3
|
||||
return
|
||||
;;
|
||||
*'!')
|
||||
@ -4286,10 +4288,14 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
|
||||
;;
|
||||
*)
|
||||
case $subordinate in
|
||||
*:*)
|
||||
*:*:*)
|
||||
echo $subordinate
|
||||
return
|
||||
;;
|
||||
*:*)
|
||||
echo $subordinate:$3
|
||||
return
|
||||
;;
|
||||
*)
|
||||
echo ${subordinate%%:*}:$2:$3
|
||||
return
|
||||
@ -5384,7 +5390,6 @@ process_rule() # $1 = target
|
||||
case $loglevel in
|
||||
none*)
|
||||
loglevel=
|
||||
logtag=
|
||||
[ $target = LOG ] && return
|
||||
;;
|
||||
esac
|
||||
|
@ -83,6 +83,29 @@ New Features in Shorewall 2.5.3
|
||||
the rules file. It is recommended that rules specifying 'ipp2p'
|
||||
only be included in the ESTABLISHED section of the file.
|
||||
|
||||
7) Shorewall actions lack a generalized way to pass parameters to an
|
||||
extension script associated with an action. To work around this
|
||||
lack, some users have used the log tag as a parameter. This works
|
||||
but requires that a log level other than 'none' be specified when
|
||||
the action is invoked. Beginning with this release, you can invoke
|
||||
an action with 'none'.
|
||||
|
||||
Example:
|
||||
|
||||
#ACTION SOURCE DEST
|
||||
A:none:these,are,parameters fw net
|
||||
|
||||
When /etc/shorewall/A is invoked, the LEVEL variable will be empty
|
||||
but the TAG variable will contain "these,are,parameters" which
|
||||
can be easily parsed to isolate "these", "are" and "parameters":
|
||||
|
||||
ifs=$IFS
|
||||
IFS=,
|
||||
set -- $TAG
|
||||
IFS=$ifs
|
||||
|
||||
Now, $1 = these, $2 = are and $3 = parameters
|
||||
|
||||
Problems Corrected in 2.5.2:
|
||||
|
||||
1) You may now include port lists in in the /etc/shorewall/accounting
|
||||
|
Loading…
x
Reference in New Issue
Block a user