holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Make log scanning more independent of LOGFORMAT

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-10-04 18:04:24 +00:00
parent 51125f09c3
commit 0369562e37
7 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-lite/shorewall-lite
View File

@ -252,12 +252,12 @@ packet_log() # $1 = number of messages
[ -n "$realtail" ] && options="-n$1"
if [ -n "$SHOWMACS" -o $VERBOSE -gt 2 ]; then
grep "${LOGFORMAT}" $LOGFILE | \
grep 'IN=.* OUT=' $LOGFILE | \
sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \
tail $options
else
grep "${LOGFORMAT}" $LOGFILE | \
grep 'IN=.* OUT=' $LOGFILE | \
sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \
sed 's/MAC=.* SRC=/SRC=/' | \

2
Shorewall/changelog.txt
View File

@ -1,6 +1,6 @@
Changes in 3.3.3
1) Fix exclusing in SUBNET column.
1) Fix excluding in SUBNET column.
2) Add logical AND and OR support for tcrules.

1
Shorewall/lib.nat
View File

@ -393,7 +393,6 @@ networks="\$(get_routed_networks $detectinterface)"
for network in \$networks; do
__EOF__
for destnet in $(separate_list $destnets); do
indent >&3 << __EOF__
run_iptables -t nat -A $chain -s \$network $(dest_ip_range $destnet) $proto $ports $policy -j $target $addrlist
__EOF__

4
Shorewall/lib.tcrules
View File

@ -266,7 +266,7 @@ process_tc_rule()
;;
\|*)
[ $chain = tcpost ] && fatal_error "Invalid class ID: $mark"
[ -n "$did_connmark" ] && fatal_error "OR not valid with :C[FP]"
[ -n "$did_connmark" ] && fatal_error "Logical OR not valid with :C[FP]"
target="MARK --or-mark"
mark=${mark#|}
validate_mark $mark
@ -276,7 +276,7 @@ process_tc_rule()
;;
\&*)
[ $chain = tcpost ] && fatal_error "Invalid class ID: $mark"
[ -n "$did_connmark" ] && fatal_error "AND not valid with :C[FP]"
[ -n "$did_connmark" ] && fatal_error "Logical AND not valid with :C[FP]"
target="MARK --and-mark"
mark=${mark#&}
validate_mark $mark

4
Shorewall/shorewall
View File

@ -312,12 +312,12 @@ packet_log() # $1 = number of messages
[ -n "$realtail" ] && options="-n$1"
if [ -n "$SHOWMACS" -o $VERBOSE -gt 2 ]; then
grep "${LOGFORMAT}" $LOGFILE | \
grep 'IN=.* OUT=' $LOGFILE | \
sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \
tail $options
else
grep "${LOGFORMAT}" $LOGFILE | \
grep 'IN=.* OUT=' $LOGFILE | \
sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \
sed 's/MAC=.* SRC=/SRC=/' | \

11
docs/PacketMarking.xml
View File

@ -225,12 +225,11 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
</itemizedlist>
<para>As hinted above, marking rules can specify both a mark value and a
mask. The mask determines the subset of the 32 bits in the mark are to be
used in the operation — only those bits that are on in the mask are
manipulated when the rule is executed. For entries in tcrules,
Shorewall-generated rules use a mask value that depends on which program
the rule is part of, what the rule does, and the setting of
HIGH_ROUTE_MARKS.</para>
mask. The mask determines the subset of the 32 bits in the mark to be used
in the operation — only those bits that are on in the mask are manipulated
when the rule is executed. For entries in tcrules, Shorewall-generated
rules use a mask value that depends on which program the rule is part of,
what the rule does, and the setting of HIGH_ROUTE_MARKS.</para>
<para>For entries in tcrules, the default mask value is 0xffff except in
these cases:</para>

10
web/shorewall_index.htm
View File

@ -18,13 +18,13 @@ notes</a> and here are the <a
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/known_problems.txt">known
problems</a> and <a
href="http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.4/errata/">updates</a>.</p>
<p>The current Development Version is 3.3.1 -- Get it from the
<p>The current Development Version is 3.3.2 -- Get it from the
<a href="download.htm">download sites</a>. Here are the <a
href="http://www1.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.1/releasenotes.txt">release
href="http://www1.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.2/releasenotes.txt">release
notes</a> and here are the <a
href="http://www.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.1/known_problems.txt">known
href="http://www.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.2/known_problems.txt">known
problems</a> and <a
href="http://www.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.1/errata/">updates</a>.<span
href="http://www.shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.2/errata/">updates</a>.<span
style="text-decoration: underline;"></span><br>
<br>
Copyright
@ -36,7 +36,7 @@ Foundation; with no Invariant Sections, with no Front-Cover, and with
no Back-Cover Texts. A copy of the license is included in the section
entitled “<a href="GnuCopyright.htm" target="_self">GNU Free
Documentation License</a>”.</p>
<p>2006-09-26</p>
<p>2006-09-30</p>
<hr>
<h3>Table of Contents</h3>
<p style="margin-left: 0.42in; margin-bottom: 0in;"><a href="#Intro">Introduction