diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index d13f411b8..40c9a7fa0 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -792,6 +792,7 @@ sub initialize( $;$$) {
INVALID_LOG_LEVEL => undef,
UNTRACKED_LOG_LEVEL => undef,
LOG_BACKEND => undef,
+ LOG_LEVEL => undef,
#
# Location of Files
#
@@ -6474,6 +6475,7 @@ sub get_configuration( $$$$ ) {
default_log_level 'RELATED_LOG_LEVEL', '';
default_log_level 'INVALID_LOG_LEVEL', '';
default_log_level 'UNTRACKED_LOG_LEVEL', '';
+ default_log_level 'LOG_LEVEL', 'info';
if ( supplied( $val = $config{LOG_BACKEND} ) ) {
if ( $family == F_IPV4 && $val eq 'ULOG' ) {
diff --git a/Shorewall/Samples/Universal/params b/Shorewall/Samples/Universal/params
index a9fa8f7a9..57c79d8c8 100644
--- a/Shorewall/Samples/Universal/params
+++ b/Shorewall/Samples/Universal/params
@@ -11,5 +11,3 @@
#------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall-params"
######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
diff --git a/Shorewall/Samples/Universal/policy b/Shorewall/Samples/Universal/policy
index c75c81120..c8883d58e 100644
--- a/Shorewall/Samples/Universal/policy
+++ b/Shorewall/Samples/Universal/policy
@@ -10,4 +10,4 @@
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
# LEVEL BURST MASK
$FW net ACCEPT
-net all DROP $LOG
+net all DROP $LOG_LEVEL
diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf
index d83800464..2299674db 100644
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -33,6 +33,8 @@ FIREWALL=
# L O G G I N G
###############################################################################
+LOG_LEVEL=info
+
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
@@ -53,19 +55,19 @@ LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL
RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL
-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL
-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL
STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
UNTRACKED_LOG_LEVEL=
@@ -108,7 +110,7 @@ TC=
###############################################################################
ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
diff --git a/Shorewall/Samples/one-interface/params b/Shorewall/Samples/one-interface/params
index 3ce1cab01..80b7793e8 100644
--- a/Shorewall/Samples/one-interface/params
+++ b/Shorewall/Samples/one-interface/params
@@ -11,5 +11,3 @@
#------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall-params"
######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
diff --git a/Shorewall/Samples/one-interface/policy b/Shorewall/Samples/one-interface/policy
index 443c838cb..9817d997c 100644
--- a/Shorewall/Samples/one-interface/policy
+++ b/Shorewall/Samples/one-interface/policy
@@ -13,6 +13,6 @@
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
$FW net ACCEPT
-net all DROP $LOG
+net all DROP $LOG_LEVEL
# The FOLLOWING POLICY MUST BE LAST
-all all REJECT $LOG
+all all REJECT $LOG_LEVEL
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf
index d3e440967..c142f6e3d 100644
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -44,6 +44,8 @@ FIREWALL=
# L O G G I N G
###############################################################################
+LOG_LEVEL=info
+
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
@@ -64,19 +66,19 @@ LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL="$LOG"
+MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL="$LOG"
+RPFILTER_LOG_LEVEL="$LOG_LEVEL"
-SFILTER_LOG_LEVEL="$LOG"
+SFILTER_LOG_LEVEL="$LOG_LEVEL"
-SMURF_LOG_LEVEL="$LOG"
+SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL="$LOG"
+TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
@@ -119,7 +121,7 @@ TC=
###############################################################################
ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
diff --git a/Shorewall/Samples/three-interfaces/params b/Shorewall/Samples/three-interfaces/params
index 442a2fd82..63bf508e9 100644
--- a/Shorewall/Samples/three-interfaces/params
+++ b/Shorewall/Samples/three-interfaces/params
@@ -11,5 +11,3 @@
#------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall-params"
######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
diff --git a/Shorewall/Samples/three-interfaces/policy b/Shorewall/Samples/three-interfaces/policy
index bbdc5b2ef..b5df41fb3 100644
--- a/Shorewall/Samples/three-interfaces/policy
+++ b/Shorewall/Samples/three-interfaces/policy
@@ -14,6 +14,6 @@
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
-net all DROP $LOG
+net all DROP $LOG_LEVEL
# THE FOLLOWING POLICY MUST BE LAST
-all all REJECT $LOG
+all all REJECT $LOG_LEVEL
diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf
index a771c6cd9..e87792e89 100644
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@@ -41,6 +41,8 @@ FIREWALL=
# L O G G I N G
###############################################################################
+LOG_LEVEL=info
+
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
@@ -61,19 +63,19 @@ LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL
RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL
-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL
-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL
STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
UNTRACKED_LOG_LEVEL=
@@ -116,11 +118,11 @@ TC=
###############################################################################
ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
-DROP_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
+DROP_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
-REJECT_DEFAULT="Broadcast(DROP),dropInvalid:$LOG"
+REJECT_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL"
###############################################################################
# R S H / R C P C O M M A N D S
diff --git a/Shorewall/Samples/two-interfaces/params b/Shorewall/Samples/two-interfaces/params
index 77c73ad9f..b45d6f1dd 100644
--- a/Shorewall/Samples/two-interfaces/params
+++ b/Shorewall/Samples/two-interfaces/params
@@ -11,5 +11,3 @@
#------------------------------------------------------------------------------------------------------------
# For information on entries in this file, type "man shorewall-params"
######################################################################################################################################################################################################
-
-LOG=info # Change this to change the way in which packets are logged.
diff --git a/Shorewall/Samples/two-interfaces/policy b/Shorewall/Samples/two-interfaces/policy
index 4e5a45843..849e1c9e4 100644
--- a/Shorewall/Samples/two-interfaces/policy
+++ b/Shorewall/Samples/two-interfaces/policy
@@ -14,7 +14,7 @@
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
-net all DROP $LOG
+net all DROP $LOG_LEVEL
# THE FOLLOWING POLICY MUST BE LAST
-all all REJECT $LOG
+all all REJECT $LOG_LEVEL
diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf
index c012c28f6..db1fc30d4 100644
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -44,6 +44,8 @@ FIREWALL=
# L O G G I N G
###############################################################################
+LOG_LEVEL=info
+
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
@@ -64,19 +66,19 @@ LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL
RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL
-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL
-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL
STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
UNTRACKED_LOG_LEVEL=
@@ -119,7 +121,7 @@ TC=
###############################################################################
ACCEPT_DEFAULT="none"
-BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
diff --git a/Shorewall/configfiles/params b/Shorewall/configfiles/params
index ba3a76f9e..0c50d5810 100644
--- a/Shorewall/configfiles/params
+++ b/Shorewall/configfiles/params
@@ -22,4 +22,3 @@
# net eth0 130.252.100.255 routefilter,norfc1918
#
###############################################################################
-LOG=info # Default Log Level
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 3c76deeb5..9393221b5 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -33,6 +33,8 @@ FIREWALL=
# L O G G I N G
###############################################################################
+LOG_LEVEL=info
+
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
@@ -53,19 +55,19 @@ LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
-MACLIST_LOG_LEVEL=$LOG
+MACLIST_LOG_LEVEL=$LOG_LEVEL
RELATED_LOG_LEVEL=
-RPFILTER_LOG_LEVEL=$LOG
+RPFILTER_LOG_LEVEL=$LOG_LEVEL
-SFILTER_LOG_LEVEL=$LOG
+SFILTER_LOG_LEVEL=$LOG_LEVEL
-SMURF_LOG_LEVEL=$LOG
+SMURF_LOG_LEVEL=$LOG_LEVEL
STARTUP_LOG=/var/log/shorewall-init.log
-TCP_FLAGS_LOG_LEVEL=$LOG
+TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
UNTRACKED_LOG_LEVEL=
@@ -108,7 +110,7 @@ TC=
###############################################################################
ACCEPT_DEFAULT=none
-BLACKLIST_DEFAULT="Broadcast(DROP),dropNotSyn:$LOG,dropInvalid:$LOG,DropDNSrep:$LOG"
+BLACKLIST_DEFAULT="Broadcast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP)"
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 1828fa083..23e6f25dd 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -1356,6 +1356,20 @@ net all DROP infothen the chain name is 'net-all'
+
+ LOG_LEVEL=log-level[:log-tag]
+
+
+ Added in Shorewall 5.1.2. Beginning with that release, the
+ sample configurations use this as the default log level and changing
+ it will change all packet logging done by the configuration. In any
+ configuration file (except shorewall-params(5)), $LOG_LEVEL
+ will expand to this value.
+
+
+
LOG_MARTIANS=[Yes|then the chain name is 'net-all'
+
+ LOG_LEVEL=log-level[:log-tag]
+
+
+ Added in Shorewall 5.1.2. Beginning with that release, the
+ sample configurations use this as the default log level and changing
+ it will change all packet logging done by the configuration. In any
+ configuration file (except shorewall6-params(5)),
+ $LOG_LEVEL will expand to this value.
+
+
+
LOG_VERBOSITY=[number]