Fix log rule number generation and implement LOGTAGONLY

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1649 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -89,3 +89,5 @@ Changes since 2.0.3
 42) Fix DELAYBLACKLISTLOAD=No.
 
 43) Merge 'brctl show' change from 2.0.9.
+
+44) Implememt LOGTAGONLY.

Shorewall2/firewall

@@ -1239,18 +1239,24 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
     local limit="${5:-$LOGLIMIT}"
     local tag=${6:+$6 }
     local prefix
+    local base=$(chain_base $displayChain)
 
     shift;shift;shift;shift;shift
 
-    if [ -n "$LOGRULENUMBERS" ]; then
+    if [ -n "$tag" -a -n "$LOGTAGONLY" ]; then
-	eval rulenum=\$${chain}_logrules
+	displayChain=$tag
+	tag=
+    fi
 
-	[ -z "$rulenum" ] && rulenum=1
+    if [ -n "$LOGRULENUMBERS" ]; then
+	eval rulenum=\$${base}_logrules
+
+	rulenum=${rulenum:-1}
 
 	prefix="$(printf "$LOGFORMAT" $displayChain $rulenum $disposition)${tag}"
 
 	rulenum=$(($rulenum + 1))
-	eval ${chain}_logrules=$rulenum
+	eval ${base}_logrules=$rulenum
     else
 	prefix="$(printf "$LOGFORMAT" $displayChain $disposition)${tag}"
     fi
@@ -6800,6 +6806,7 @@ do_initialize() {
     PKTTYPE=
     RETAIN_ALIASES=
     DELAYBLACKLISTLOAD=
+    LOGTAGONLY=
 
     RESTOREBASE=
     TMP_DIR=
@@ -6977,6 +6984,7 @@ do_initialize() {
     STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED)
     RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES)
     DELAYBLACKLISTLOAD=$(added_param_value_no DELAYBLACKLISTLOAD $DELAYBLACKLISTLOAD)
+    LOGTAGONLY=$(added_param_value_no LOGTAGONLY $LOGTAGONLY)
     #
     # Strip the files that we use often
     #

Shorewall2/releasenotes.txt

@@ -1,4 +1,4 @@
-Shorewall 2.1.9
+Shorewall 2.1.10
 
 ----------------------------------------------------------------------
 Problems Corrected since 2.0.3
@@ -495,4 +495,23 @@ New Features:
     construction of the blacklist, it can substantially reduce the time
     that all new connections are disabled during "shorewall [re]start".
 
+18) Using the default LOGFORMAT, chain names longer than 11 characters 
+    (such as in user-defined actions) may result in log prefix
+    truncation. A new shorewall.conf action  LOGTAGONLY has been added
+    to deal with this problem. When LOGTAGONLY=Yes, logging rules that
+    specify a log tag will substitute the tag for the chain name in the
+    log prefix.
 
+    Example -- file /etc/shorewall/action.thisisaverylogactionname:
+
+    Rule:
+
+	DROP:info:ftp	0.0.0.0/0	0.0.0.0/0	tcp	    21
+	
+    Log prefix with LOGTAGONLY=No:
+
+	Shorewall:thisisaverylongacti
+
+    Log prefix with LOGTAGONLY=Yes:
+
+	Shorewall:ftp:DROP

Shorewall2/shorewall.conf

@@ -93,6 +93,18 @@ LOGFILE=/var/log/messages
 
 LOGFORMAT="Shorewall:%s:%s:"
 
+#
+# LOG FORMAT Continued
+#
+# Using the default LOGFORMAT, chain names may not exceed 11 characters or 
+# truncation of the log prefix may occur. Longer chain names may be used with
+# log tags if you set LOGTAGONLY=Yes. With LOGTAGONLY=Yes, if a log tag is 
+# specified then the tag is included in the log prefix in place of the chain
+# name.
+#
+
+LOGTAGONLY=No
+
 #
 # LOG RATE LIMITING
 #