forked from extern/shorewall_code
Correctons to LOG_BACKEND implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
580e00dabd
commit
540eff24aa
@ -743,7 +743,7 @@ sub compiler {
|
|||||||
|
|
||||||
setup_source_routing($family);
|
setup_source_routing($family);
|
||||||
|
|
||||||
setup_log_backend;
|
setup_log_backend($family);
|
||||||
#
|
#
|
||||||
# Proxy Arp/Ndp
|
# Proxy Arp/Ndp
|
||||||
#
|
#
|
||||||
|
@ -5750,7 +5750,7 @@ sub get_configuration( $$$$$ ) {
|
|||||||
|
|
||||||
if ( defined( $val = $config{LOG_BACKEND} ) ) {
|
if ( defined( $val = $config{LOG_BACKEND} ) ) {
|
||||||
if ( $family == F_IPV4 && $val eq 'ULOG' ) {
|
if ( $family == F_IPV4 && $val eq 'ULOG' ) {
|
||||||
$val = 'xt_ULOG';
|
$val = 'ipt_ULOG';
|
||||||
} elsif ( $val eq 'netlink' ) {
|
} elsif ( $val eq 'netlink' ) {
|
||||||
$val = 'nfnetlink_log';
|
$val = 'nfnetlink_log';
|
||||||
} elsif ( $val eq 'LOG' ) {
|
} elsif ( $val eq 'LOG' ) {
|
||||||
|
@ -349,17 +349,22 @@ sub setup_interface_proc( $ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub setup_log_backend() {
|
sub setup_log_backend($) {
|
||||||
if ( my $setting = $config{LOG_BACKEND} ) {
|
if ( my $setting = $config{LOG_BACKEND} ) {
|
||||||
my $file = '/proc/sys/net/netfilter/nf_log';
|
my $family = shift;
|
||||||
|
my $file = '/proc/net/netfilter/nf_log';
|
||||||
|
my $ctl = 'net.netfilter.nf_log.' . ( $family == F_IPV4 ? '2' : '10' );
|
||||||
|
|
||||||
emit( "if -f $file; then",
|
emit( 'progress_message2 "Setting up log backend"',
|
||||||
" if echo $setting > $file; then",
|
'',
|
||||||
|
"if [ -f $file ]; then",
|
||||||
|
" if sysctl $ctl=$setting; then",
|
||||||
" progress_message 'Log Backend set to $setting'",
|
" progress_message 'Log Backend set to $setting'",
|
||||||
" else",
|
' else',
|
||||||
" error_meessage 'WARNING: Unable to set log backend to $setting'",
|
" error_message 'WARNING: Unable to set log backend to $setting'",
|
||||||
"else",
|
' fi',
|
||||||
" error_message 'WARNING: $file does not exist - log backend not set",
|
'else',
|
||||||
|
" error_message 'WARNING: $file does not exist - log backend not set'",
|
||||||
"fi\n" );
|
"fi\n" );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -382,7 +382,7 @@ ACCEPT:NFLOG(1,0,1) vpn fw tcp ssh,time,631,8080 </programlis
|
|||||||
|
|
||||||
<para>Example - change the IPv4 backend to LOG:</para>
|
<para>Example - change the IPv4 backend to LOG:</para>
|
||||||
|
|
||||||
<programlisting>echo ipt_LOG > /proc/net/netfilter/nf_log.2</programlisting>
|
<programlisting>sysctl net.netfilter.nf_log.2=ipt_LOG</programlisting>
|
||||||
|
|
||||||
<para>Beginning with Shorewall 4.6.4, you can configure the backend using
|
<para>Beginning with Shorewall 4.6.4, you can configure the backend using
|
||||||
the LOG_BACKEND option in <ulink
|
the LOG_BACKEND option in <ulink
|
||||||
|
Loading…
Reference in New Issue
Block a user