extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-06 17:56:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow the log tag to act as a generalized parameter to an action extension script

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2583 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-08-29 20:32:16 +00:00
parent 433d4303ca
commit b258f29d56
3 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/changelog.txt
View File

@ -17,6 +17,8 @@ Changes in 2.5.3
8) Fixed tunnels/rules interaction problems. 8) Fixed tunnels/rules interaction problems.
9) Provide hack for passing arguments to action extension scripts.
Changes in 2.5.2 Changes in 2.5.2
1) Allow port lists in /etc/sorewall/accounting. 1) Allow port lists in /etc/sorewall/accounting.

13
Shorewall/firewall
View File

@ -4015,7 +4015,6 @@ process_action() # $1 = chain (Chain to add the rules to)
case $loglevel in case $loglevel in
none*) none*)
loglevel= loglevel=
logtag=
[ $target = LOG ] && return [ $target = LOG ] && return
;; ;;
esac esac
@ -4195,6 +4194,9 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
else else
TAG= TAG=
fi fi
[ none = "${LEVEL%\!}" ] && LEVEL=
run_user_exit $1 run_user_exit $1
fi fi
@ -4277,7 +4279,7 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
*:*:*) *:*:*)
case $2 in case $2 in
'none!') 'none!')
echo ${subordinate%%:*}:'none!' echo ${subordinate%%:*}:'none!':$3
return return
;; ;;
*'!') *'!')
@ -4286,10 +4288,14 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
;; ;;
*) *)
case $subordinate in case $subordinate in
*:*) *:*:*)
echo $subordinate echo $subordinate
return return
;; ;;
*:*)
echo $subordinate:$3
return
;;
*) *)
echo ${subordinate%%:*}:$2:$3 echo ${subordinate%%:*}:$2:$3
return return
@ -5384,7 +5390,6 @@ process_rule() # $1 = target
case $loglevel in case $loglevel in
none*) none*)
loglevel= loglevel=
logtag=
[ $target = LOG ] && return [ $target = LOG ] && return
;; ;;
esac esac

23
Shorewall/releasenotes.txt
View File

@ -83,6 +83,29 @@ New Features in Shorewall 2.5.3
the rules file. It is recommended that rules specifying 'ipp2p' the rules file. It is recommended that rules specifying 'ipp2p'
only be included in the ESTABLISHED section of the file. only be included in the ESTABLISHED section of the file.
7) Shorewall actions lack a generalized way to pass parameters to an
extension script associated with an action. To work around this
lack, some users have used the log tag as a parameter. This works
but requires that a log level other than 'none' be specified when
the action is invoked. Beginning with this release, you can invoke
an action with 'none'.
Example:
#ACTION SOURCE DEST
A:none:these,are,parameters fw net
When /etc/shorewall/A is invoked, the LEVEL variable will be empty
but the TAG variable will contain "these,are,parameters" which
can be easily parsed to isolate "these", "are" and "parameters":
ifs=$IFS
IFS=,
set -- $TAG
IFS=$ifs
Now, $1 = these, $2 = are and $3 = parameters
Problems Corrected in 2.5.2: Problems Corrected in 2.5.2:
1) You may now include port lists in in the /etc/shorewall/accounting 1) You may now include port lists in in the /etc/shorewall/accounting