forked from extern/shorewall_code
Add LOG_LEVEL option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
b4561e97c8
commit
735919d8d3
@ -792,6 +792,7 @@ sub initialize( $;$$) {
|
|||||||
INVALID_LOG_LEVEL => undef,
|
INVALID_LOG_LEVEL => undef,
|
||||||
UNTRACKED_LOG_LEVEL => undef,
|
UNTRACKED_LOG_LEVEL => undef,
|
||||||
LOG_BACKEND => undef,
|
LOG_BACKEND => undef,
|
||||||
|
LOG_LEVEL => undef,
|
||||||
#
|
#
|
||||||
# Location of Files
|
# Location of Files
|
||||||
#
|
#
|
||||||
@ -6474,6 +6475,7 @@ sub get_configuration( $$$$ ) {
|
|||||||
default_log_level 'RELATED_LOG_LEVEL', '';
|
default_log_level 'RELATED_LOG_LEVEL', '';
|
||||||
default_log_level 'INVALID_LOG_LEVEL', '';
|
default_log_level 'INVALID_LOG_LEVEL', '';
|
||||||
default_log_level 'UNTRACKED_LOG_LEVEL', '';
|
default_log_level 'UNTRACKED_LOG_LEVEL', '';
|
||||||
|
default_log_level 'LOG_LEVEL', 'info';
|
||||||
|
|
||||||
if ( supplied( $val = $config{LOG_BACKEND} ) ) {
|
if ( supplied( $val = $config{LOG_BACKEND} ) ) {
|
||||||
if ( $family == F_IPV4 && $val eq 'ULOG' ) {
|
if ( $family == F_IPV4 && $val eq 'ULOG' ) {
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -10,4 +10,4 @@
|
|||||||
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
|
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
|
||||||
# LEVEL BURST MASK
|
# LEVEL BURST MASK
|
||||||
$FW net ACCEPT
|
$FW net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
|
@ -33,6 +33,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -53,19 +55,19 @@ LOGTAGONLY=No
|
|||||||
|
|
||||||
LOGLIMIT="s:1/sec:10"
|
LOGLIMIT="s:1/sec:10"
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=$LOG
|
MACLIST_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
RELATED_LOG_LEVEL=
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL=$LOG
|
RPFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL=$LOG
|
SFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=$LOG
|
SMURF_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall-init.log
|
STARTUP_LOG=/var/log/shorewall-init.log
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=$LOG
|
TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
UNTRACKED_LOG_LEVEL=
|
||||||
|
|
||||||
@ -108,7 +110,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT="none"
|
ACCEPT_DEFAULT="none"
|
||||||
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="Broadcast(DROP)"
|
DROP_DEFAULT="Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT="none"
|
NFQUEUE_DEFAULT="none"
|
||||||
QUEUE_DEFAULT="none"
|
QUEUE_DEFAULT="none"
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -13,6 +13,6 @@
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||||
$FW net ACCEPT
|
$FW net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
# The FOLLOWING POLICY MUST BE LAST
|
# The FOLLOWING POLICY MUST BE LAST
|
||||||
all all REJECT $LOG
|
all all REJECT $LOG_LEVEL
|
||||||
|
@ -44,6 +44,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -64,19 +66,19 @@ LOGTAGONLY=No
|
|||||||
|
|
||||||
LOGLIMIT="s:1/sec:10"
|
LOGLIMIT="s:1/sec:10"
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL="$LOG"
|
MACLIST_LOG_LEVEL="$LOG_LEVEL"
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
RELATED_LOG_LEVEL=
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL="$LOG"
|
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL="$LOG"
|
SFILTER_LOG_LEVEL="$LOG_LEVEL"
|
||||||
|
|
||||||
SMURF_LOG_LEVEL="$LOG"
|
SMURF_LOG_LEVEL="$LOG_LEVEL"
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall-init.log
|
STARTUP_LOG=/var/log/shorewall-init.log
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL="$LOG"
|
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
UNTRACKED_LOG_LEVEL=
|
||||||
|
|
||||||
@ -119,7 +121,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT="none"
|
ACCEPT_DEFAULT="none"
|
||||||
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="Broadcast(DROP)"
|
DROP_DEFAULT="Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT="none"
|
NFQUEUE_DEFAULT="none"
|
||||||
QUEUE_DEFAULT="none"
|
QUEUE_DEFAULT="none"
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -14,6 +14,6 @@
|
|||||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||||
|
|
||||||
loc net ACCEPT
|
loc net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
# THE FOLLOWING POLICY MUST BE LAST
|
# THE FOLLOWING POLICY MUST BE LAST
|
||||||
all all REJECT $LOG
|
all all REJECT $LOG_LEVEL
|
||||||
|
@ -41,6 +41,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -61,19 +63,19 @@ LOGTAGONLY=No
|
|||||||
|
|
||||||
LOGLIMIT="s:1/sec:10"
|
LOGLIMIT="s:1/sec:10"
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=$LOG
|
MACLIST_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
RELATED_LOG_LEVEL=
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL=$LOG
|
RPFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL=$LOG
|
SFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=$LOG
|
SMURF_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall-init.log
|
STARTUP_LOG=/var/log/shorewall-init.log
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=$LOG
|
TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
UNTRACKED_LOG_LEVEL=
|
||||||
|
|
||||||
@ -116,11 +118,11 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT="none"
|
ACCEPT_DEFAULT="none"
|
||||||
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG"
|
DROP_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL"
|
||||||
NFQUEUE_DEFAULT="none"
|
NFQUEUE_DEFAULT="none"
|
||||||
QUEUE_DEFAULT="none"
|
QUEUE_DEFAULT="none"
|
||||||
REJECT_DEFAULT="Broadcast(DROP),dropInvalid:$LOG"
|
REJECT_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL"
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# R S H / R C P C O M M A N D S
|
# R S H / R C P C O M M A N D S
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||||
|
|
||||||
loc net ACCEPT
|
loc net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
# THE FOLLOWING POLICY MUST BE LAST
|
# THE FOLLOWING POLICY MUST BE LAST
|
||||||
all all REJECT $LOG
|
all all REJECT $LOG_LEVEL
|
||||||
|
|
||||||
|
@ -44,6 +44,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -64,19 +66,19 @@ LOGTAGONLY=No
|
|||||||
|
|
||||||
LOGLIMIT="s:1/sec:10"
|
LOGLIMIT="s:1/sec:10"
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=$LOG
|
MACLIST_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
RELATED_LOG_LEVEL=
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL=$LOG
|
RPFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL=$LOG
|
SFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=$LOG
|
SMURF_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall-init.log
|
STARTUP_LOG=/var/log/shorewall-init.log
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=$LOG
|
TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
UNTRACKED_LOG_LEVEL=
|
||||||
|
|
||||||
@ -119,7 +121,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT="none"
|
ACCEPT_DEFAULT="none"
|
||||||
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG,dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="Broadcast(DROP),dropInvalid:$LOG_LEVEL,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="Broadcast(DROP)"
|
DROP_DEFAULT="Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT="none"
|
NFQUEUE_DEFAULT="none"
|
||||||
QUEUE_DEFAULT="none"
|
QUEUE_DEFAULT="none"
|
||||||
|
@ -22,4 +22,3 @@
|
|||||||
# net eth0 130.252.100.255 routefilter,norfc1918
|
# net eth0 130.252.100.255 routefilter,norfc1918
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
LOG=info # Default Log Level
|
|
||||||
|
@ -33,6 +33,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -53,19 +55,19 @@ LOGTAGONLY=No
|
|||||||
|
|
||||||
LOGLIMIT="s:1/sec:10"
|
LOGLIMIT="s:1/sec:10"
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=$LOG
|
MACLIST_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
RELATED_LOG_LEVEL=
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL=$LOG
|
RPFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL=$LOG
|
SFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=$LOG
|
SMURF_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall-init.log
|
STARTUP_LOG=/var/log/shorewall-init.log
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=$LOG
|
TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
UNTRACKED_LOG_LEVEL=
|
||||||
|
|
||||||
@ -108,7 +110,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
ACCEPT_DEFAULT=none
|
||||||
BLACKLIST_DEFAULT="Broadcast(DROP),dropNotSyn:$LOG,dropInvalid:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="Broadcast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="Broadcast(DROP)"
|
DROP_DEFAULT="Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT=none
|
NFQUEUE_DEFAULT=none
|
||||||
QUEUE_DEFAULT=none
|
QUEUE_DEFAULT=none
|
||||||
|
@ -1356,6 +1356,20 @@ net all DROP info</programlisting>then the chain name is 'net-all'
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis
|
||||||
|
role="bold">LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 5.1.2. Beginning with that release, the
|
||||||
|
sample configurations use this as the default log level and changing
|
||||||
|
it will change all packet logging done by the configuration. In any
|
||||||
|
configuration file (except <ulink
|
||||||
|
url="shorewall-params.html">shorewall-params(5)</ulink>), $LOG_LEVEL
|
||||||
|
will expand to this value.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">LOG_MARTIANS=</emphasis>[<emphasis
|
<term><emphasis role="bold">LOG_MARTIANS=</emphasis>[<emphasis
|
||||||
role="bold">Yes</emphasis>|<emphasis
|
role="bold">Yes</emphasis>|<emphasis
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -10,5 +10,5 @@
|
|||||||
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
|
#SOURCE DEST POLICY LOG LIMIT: CONNLIMIT:
|
||||||
# LEVEL BURST MASK
|
# LEVEL BURST MASK
|
||||||
fw net ACCEPT
|
fw net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
|
|
||||||
|
@ -34,6 +34,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -105,7 +107,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
ACCEPT_DEFAULT=none
|
||||||
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT=none
|
NFQUEUE_DEFAULT=none
|
||||||
QUEUE_DEFAULT=none
|
QUEUE_DEFAULT=none
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -14,6 +14,6 @@
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||||
$FW net ACCEPT
|
$FW net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
# The FOLLOWING POLICY MUST BE LAST
|
# The FOLLOWING POLICY MUST BE LAST
|
||||||
all all REJECT $LOG
|
all all REJECT $LOG_LEVEL
|
||||||
|
@ -35,6 +35,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -106,7 +108,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
ACCEPT_DEFAULT=none
|
||||||
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT=none
|
NFQUEUE_DEFAULT=none
|
||||||
QUEUE_DEFAULT=none
|
QUEUE_DEFAULT=none
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -14,6 +14,6 @@
|
|||||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||||
|
|
||||||
loc net ACCEPT
|
loc net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
all all REJECT $LOG
|
all all REJECT $LOG_LEVEL
|
||||||
|
|
||||||
|
@ -34,6 +34,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -105,7 +107,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
ACCEPT_DEFAULT=none
|
||||||
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT=none
|
NFQUEUE_DEFAULT=none
|
||||||
QUEUE_DEFAULT=none
|
QUEUE_DEFAULT=none
|
||||||
|
@ -11,5 +11,3 @@
|
|||||||
#------------------------------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------------------------------
|
||||||
# For information on entries in this file, type "man shorewall-params"
|
# For information on entries in this file, type "man shorewall-params"
|
||||||
######################################################################################################################################################################################################
|
######################################################################################################################################################################################################
|
||||||
|
|
||||||
LOG=info # Change this to change the way in which packets are logged.
|
|
||||||
|
@ -14,6 +14,6 @@
|
|||||||
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
|
||||||
|
|
||||||
loc net ACCEPT
|
loc net ACCEPT
|
||||||
net all DROP $LOG
|
net all DROP $LOG_LEVEL
|
||||||
all all REJECT $LOG
|
all all REJECT $LOG_LEVEL
|
||||||
|
|
||||||
|
@ -34,6 +34,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -105,7 +107,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
ACCEPT_DEFAULT=none
|
||||||
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT=none
|
NFQUEUE_DEFAULT=none
|
||||||
QUEUE_DEFAULT=none
|
QUEUE_DEFAULT=none
|
||||||
|
@ -21,4 +21,3 @@
|
|||||||
# net eth0 - dhcp,nosmurfs
|
# net eth0 - dhcp,nosmurfs
|
||||||
#
|
#
|
||||||
###############################################################################
|
###############################################################################
|
||||||
LOG=info # Default Log Level
|
|
||||||
|
@ -34,6 +34,8 @@ FIREWALL=
|
|||||||
# L O G G I N G
|
# L O G G I N G
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
BLACKLIST_LOG_LEVEL=
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
INVALID_LOG_LEVEL=
|
||||||
@ -52,19 +54,19 @@ LOGLIMIT="s:1/sec:10"
|
|||||||
|
|
||||||
LOGTAGONLY=No
|
LOGTAGONLY=No
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=$LOG
|
MACLIST_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
RELATED_LOG_LEVEL=
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL=$LOG
|
RPFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL=$LOG
|
SFILTER_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=$LOG
|
SMURF_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall6-init.log
|
STARTUP_LOG=/var/log/shorewall6-init.log
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=$LOG
|
TCP_FLAGS_LOG_LEVEL=$LOG_LEVEL
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
UNTRACKED_LOG_LEVEL=
|
||||||
|
|
||||||
@ -105,7 +107,7 @@ TC=
|
|||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
ACCEPT_DEFAULT=none
|
||||||
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP)s,dropNotSyn:$LOG,DropDNSrep:$LOG"
|
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP)s,dropNotSyn:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||||
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
DROP_DEFAULT="AllowICMPs,Broadcast(DROP)"
|
||||||
NFQUEUE_DEFAULT=none
|
NFQUEUE_DEFAULT=none
|
||||||
QUEUE_DEFAULT=none
|
QUEUE_DEFAULT=none
|
||||||
|
@ -1185,6 +1185,20 @@ net all DROP info</programlisting>then the chain name is 'net-all'
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis
|
||||||
|
role="bold">LOG_LEVEL=</emphasis><emphasis>log-level</emphasis>[:<replaceable>log-tag</replaceable>]</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 5.1.2. Beginning with that release, the
|
||||||
|
sample configurations use this as the default log level and changing
|
||||||
|
it will change all packet logging done by the configuration. In any
|
||||||
|
configuration file (except <ulink
|
||||||
|
url="shorewall6-params.html">shorewall6-params(5)</ulink>),
|
||||||
|
$LOG_LEVEL will expand to this value.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">LOG_VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>
|
role="bold">LOG_VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>
|
||||||
|
Loading…
Reference in New Issue
Block a user