Document BOGON_LOG_LEVEL and add it to shorewall.conf

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1204 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-18 16:53:25 +00:00 · 2004-03-18 16:53:25 +00:00 · 05caa78e22
commit 05caa78e22
parent 302cae411e
2 changed files with 34 additions and 11 deletions
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -9,7 +9,25 @@ Problems Corrected since 2.0.0
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.0 to Shorewall 2.0.1:

-None.
+1) The function of 'norfc1918' is now split between that option and a
+   new 'nobogons' option.
+
+   The rfc1918 file released with Shorewall now contains entries for
+   only those three address ranges reserved by RFC 1918. A 'nobogons'
+   interface option has been added which handles bogon source
+   addresses (those which are reserved by the IANA, those reserved for
+   DHCP auto-configuration and the class C test-net reserved for
+   testing and documentation examples). This will allow users to
+   perform RFC 1918 filtering without having to deal with out
+   of date data from IANA. Those who are willing to update their
+   /usr/share/shorewall/bogons file regularly can specify the
+   'nobogons' option in addition to 'norfc1918'.
+
+   The level at which bogon packets are logged is specified in the new
+   BOGON_LOG_LEVEL variable in shorewall.conf. If that option is not
+   specified or is specified as empty (e.g, BOGON_LOG_LEVEL="") then
+   bogon packets whose TARGET is 'logdrop' in
+   /usr/share/shorewall/bogons are logged at the 'info' level.

 New Features:

@ -17,15 +35,5 @@ New Features:

   http://shorewall.net/bridge.html

-2) The rfc1918 file released with Shorewall now contains entries for
-   only those three address ranges reserved by RFC 1918. A new
-   'nobogons' interface option has been added which handles bogon
-   source addresses (those which are reserved by the IANA, those
-   reserved for DHCP auto-configuration and the class C test-net
-   reserved for testing and documentation examples). This will allow
-   users to perform RFC 1918 filtering without having to deal with out
-   of date data from IANA. Those who are willing to update their
-   /usr/share/shorewall/bogons file regularly can specify the
-   'nobogons' option in addition to 'norfc1918'.

 
--- a/Shorewall2/shorewall.conf
+++ b/Shorewall2/shorewall.conf
@ -171,9 +171,24 @@ RFC1918_LOG_LEVEL=info
 # Specifies the logging level for smurf packets dropped by the
 #'nosmurfs' interface option in /etc/shorewall/interfaces. If set to the empty
 # value ( SMURF_LOG_LEVEL="" ) then dropped smurfs are not logged. 
+#
+# See the comment at the top of this section for a description of log levels
+#

 SMURF_LOG_LEVEL=info

+#
+# BOGON Log Level
+#
+# Specifies the logging level for bogon packets dropped by the
+#'nobogons' interface option in /etc/shorewall/interfaces. If set to the empty
+# value ( BOGON_LOG_LEVEL="" ) then packets whose TARGET is 'logdrop'
+# in /usr/share/shorewall/bogons are logged at the 'info' level.
+#
+# See the comment at the top of this section for a description of log levels
+#
+
+BOGON_LOG_LEVEL=info
 ################################################################################
 #       L O C A T I O N   O F   F I L E S   A N D   D I R E C T O R I E S
 ################################################################################