From 7a74380f7eedf346bcf8c56fb6a5879c7a0e6431 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 25 Sep 2004 17:18:25 +0000 Subject: [PATCH] Fix log rule number generation and implement LOGTAGONLY git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1649 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/changelog.txt | 2 ++ Shorewall2/firewall | 16 ++++++++++++---- Shorewall2/releasenotes.txt | 21 ++++++++++++++++++++- Shorewall2/shorewall.conf | 12 ++++++++++++ 4 files changed, 46 insertions(+), 5 deletions(-) diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index 867f34c74..c34fe43f2 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -89,3 +89,5 @@ Changes since 2.0.3 42) Fix DELAYBLACKLISTLOAD=No. 43) Merge 'brctl show' change from 2.0.9. + +44) Implememt LOGTAGONLY. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 152146345..357bbc62d 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -1239,18 +1239,24 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi local limit="${5:-$LOGLIMIT}" local tag=${6:+$6 } local prefix + local base=$(chain_base $displayChain) shift;shift;shift;shift;shift - if [ -n "$LOGRULENUMBERS" ]; then - eval rulenum=\$${chain}_logrules + if [ -n "$tag" -a -n "$LOGTAGONLY" ]; then + displayChain=$tag + tag= + fi - [ -z "$rulenum" ] && rulenum=1 + if [ -n "$LOGRULENUMBERS" ]; then + eval rulenum=\$${base}_logrules + + rulenum=${rulenum:-1} prefix="$(printf "$LOGFORMAT" $displayChain $rulenum $disposition)${tag}" rulenum=$(($rulenum + 1)) - eval ${chain}_logrules=$rulenum + eval ${base}_logrules=$rulenum else prefix="$(printf "$LOGFORMAT" $displayChain $disposition)${tag}" fi @@ -6800,6 +6806,7 @@ do_initialize() { PKTTYPE= RETAIN_ALIASES= DELAYBLACKLISTLOAD= + LOGTAGONLY= RESTOREBASE= TMP_DIR= 
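Review bot: In log_rule_limit the LOGTAGONLY branch assigns `displayChain=$tag`, but `tag` was built as `${6:+$6 }` and carries a trailing space, so the prefix is correct only because `$displayChain` is expanded unquoted in the `printf` call. A tag containing whitespace or glob characters would split into extra printf arguments and push the disposition out of its field. I would strip the separator explicitly with `displayChain=${tag% }` and quote the arguments, e.g. `printf "$LOGFORMAT" "$displayChain" "$rulenum" "$disposition"`. Nothing in the hunk checks that the tag-based prefix fits the netfilter log-prefix limit (29 characters, as far as I know), so a long tag can still truncate the disposition that log review relies on; a warning when `${#prefix}` exceeds the limit would help. The function starts before and continues after this hunk, so such a check may exist outside what is shown.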
@@ -6977,6 +6984,7 @@ do_initialize() { STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED) RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES) DELAYBLACKLISTLOAD=$(added_param_value_no DELAYBLACKLISTLOAD $DELAYBLACKLISTLOAD) + LOGTAGONLY=$(added_param_value_no LOGTAGONLY $LOGTAGONLY) # # Strip the files that we use often # diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 263e294f8..f01730468 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -1,4 +1,4 @@ -Shorewall 2.1.9 +Shorewall 2.1.10 ---------------------------------------------------------------------- Problems Corrected since 2.0.3 @@ -495,4 +495,23 @@ New Features: construction of the blacklist, it can substantially reduce the time that all new connections are disabled during "shorewall [re]start". +18) Using the default LOGFORMAT, chain names longer than 11 characters + (such as in user-defined actions) may result in log prefix + truncation. A new shorewall.conf action LOGTAGONLY has been added + to deal with this problem. When LOGTAGONLY=Yes, logging rules that + specify a log tag will substitute the tag for the chain name in the + log prefix. + Example -- file /etc/shorewall/action.thisisaverylogactionname: + + Rule: + + DROP:info:ftp 0.0.0.0/0 0.0.0.0/0 tcp 21 + + Log prefix with LOGTAGONLY=No: + + Shorewall:thisisaverylongacti + + Log prefix with LOGTAGONLY=Yes: + + Shorewall:ftp:DROP diff --git a/Shorewall2/shorewall.conf b/Shorewall2/shorewall.conf index 94bd06340..ca0592441 100755 --- a/Shorewall2/shorewall.conf +++ b/Shorewall2/shorewall.conf 
@@ -93,6 +93,18 @@ LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" +# +# LOG FORMAT Continued +# +# Using the default LOGFORMAT, chain names may not exceed 11 characters or +# truncation of the log prefix may occur. Longer chain names may be used with +# log tags if you set LOGTAGONLY=Yes. With LOGTAGONLY=Yes, if a log tag is +# specified then the tag is included in the log prefix in place of the chain +# name. +# + +LOGTAGONLY=No + # # LOG RATE LIMITING #
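Review bot: The new comment block does not tell the administrator that with LOGTAGONLY=Yes the chain name no longer appears in the log prefix, so rules in different chains that share a tag produce prefixes that cannot be told apart during log review. Judging from the firewall hunk, the LOGRULENUMBERS counter is still kept per chain, so the number printed next to a tag does not identify a rule within that tag either. The comment also gives no length budget for the tag itself. I would add something like `# With LOGTAGONLY=Yes the chain name is omitted from the prefix; use a distinct tag per chain and keep it short enough to fit the log prefix.`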