From 70f46c02cc8081e1e30a0f5e6470d20856395b36 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Wed, 5 Aug 2009 12:48:14 -0700
Subject: [PATCH] Fix logging NAT rules
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 Shorewall/changelog.txt | 2 ++
 Shorewall/releasenotes.txt | 7 ++++++-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index ed3167534..f068006ab 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2816,7 +2816,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 'add', '' );
- add_rule( $chainref, $target );
+ add_rule( $chainref, $exceptionrule . $target );
 } else { log_rule_limit( $loglevel ,
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index e9b3f2726..c7771ed23 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -2,6 +2,8 @@ Changes in Shorewall 4.4.0
 1) Fix 'compile ... -' so that it no longer requires '-v-1'
+2) Fix rule generation for logging nat rules with no exclusion.
+
 Changes in Shorewall 4.4.0-RC2
 1) Fix capabilities file with Shorewall6.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index d8d90b6e5..517542d5e 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -133,7 +133,12 @@ None.
 N E W F E A T U R E S I N 4 . 4 . 0
 ----------------------------------------------------------------------------
-None.
+1) Perviously, a nat rule (DNAT, REDIRECT, etc.) with logging
+ specified could cause invalid iptables input to be generated.
+
+ Example of rule:
+
+ REDIRECT:ULOG wall 82 tcp 80
 ----------------------------------------------------------------------------
 N E W F E A T U R E S IN 4 . 4
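Review bot: The new `add_rule( $chainref, $exceptionrule . $target );` line in Chains.pm carries no comment explaining why the final rule needs the `$exceptionrule` prefix, and nothing in the hunk shows that `$exceptionrule` is always set and ends with a separator when this logging branch runs. expand_rule starts and ends outside the hunk, so this cannot be confirmed here; if the variable can be empty at this point, the line silently produces the same output as before the fix. I would add a comment above the call, for example `# repeat the matches held in $exceptionrule on the final rule, not only on the log rule` (wording to be checked against the code that sets it). A regression case that compiles the release-note example `REDIRECT:ULOG wall 82 tcp 80` would also catch invalid iptables input at compile time rather than when the ruleset is loaded.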