diff --git a/Shorewall-lite/shorewall.conf b/Shorewall-lite/shorewall.conf
index 0cc936efb..70c95bfd1 100644
--- a/Shorewall-lite/shorewall.conf
+++ b/Shorewall-lite/shorewall.conf
@@ -70,12 +70,13 @@ LOGFILE=
 #
 # LOGFORMAT="fp=%s:%d a=%s "
 #
-# CAUTION: /sbin/shorewall-lite uses the leading part of the LOGFORMAT string
-# (up to but not including the first '%') to find log messages in the 'show log',
-# 'status' and 'hits' commands. This part should not be omitted (the
-# LOGFORMAT should not begin with "%") and the leading part should be
-# sufficiently unique for /sbin/shorewall-lite to identify Shorewall Lite
-# messages.
+# Beginning with Shorewall 3.3.3, The contents of LOGFORMAT determine the
+# maximum length of a Shorewall zone name. LOGFORMAT must produce a string no
+# longer than 29 bytes when passed the chain name, [rule number], and 'ACCEPT'.
+# Using the default LOGFORMAT, the name of a chain must be 11 characters or
+# less; since chain names are often of the form 2, zone names are
+# limited to 5 characters using the default LOGFORMAT. In contrast, if
+# LOGFORMAT="FW:%s:%s:", then zone names can be as long as 8 characters.
 #
 LOGFORMAT=
diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf
index b9812ec74..175156a44 100644
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
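Review bot: In Shorewall-lite/shorewall.conf the CAUTION about the literal prefix of LOGFORMAT is deleted outright, and nothing in the hunk shows that the 'show log', 'status' and 'hits' commands stopped locating firewall messages by that prefix. If they still do, an administrator who starts LOGFORMAT with "%" or picks a non-unique prefix will quietly lose firewall entries from those commands, which matters when the log is being used to review dropped or rejected traffic. I would keep the caution next to the new length rule, for example `# CAUTION: the part of LOGFORMAT before the first '%' is used to find log messages; it must not be empty and should be unique`, unless that matching was removed elsewhere in this commit. The same deletion is made in the Shorewall/shorewall.conf hunk.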
@@ -145,12 +145,13 @@ LOGFILE=/var/log/messages
 # If not specified or specified as empty (LOGFORMAT="") then the value
 # "Shorewall:%s:%s:" is assumed.
 #
-# CAUTION: /sbin/shorewall uses the leading part of the LOGFORMAT string (up
-# to but not including the first '%') to find log messages in the 'show log',
-# 'status' and 'hits' commands. This part should not be omitted (the
-# LOGFORMAT should not begin with "%") and the leading part should be
-# sufficiently unique for /sbin/shorewall to identify Shorewall messages.
-#
+# Beginning with Shorewall 3.3.3, The contents of LOGFORMAT determine the
+# maximum length of a Shorewall zone name. LOGFORMAT must produce a string no
+# longer than 29 bytes when passed the chain name, [rule number], and 'ACCEPT'.
+# Using the default LOGFORMAT, the name of a chain must be 11 characters or
+# less; since chain names are often of the form 2, zone names are
+# limited to 5 characters using the default LOGFORMAT. In contrast, if
+# LOGFORMAT="FW:%s:%s:", then zone names can be as long as 8 characters.
 LOGFORMAT="Shorewall:%s:%s:"
diff --git a/Shorewall/zones b/Shorewall/zones
index 3a4e68469..edebce679 100644
--- a/Shorewall/zones
+++ b/Shorewall/zones
@@ -20,9 +20,11 @@
 #
 # Columns are:
 #
-# ZONE Short name of the zone (5 Characters or less in length).
-# The names "all" and "none" are reserved and may not be
-# used as zone names.
+# ZONE Short name of the zone. The names "all" and "none" are reserved
+# and may not be used as zone names. The maximum length of a
+# zone name is determined by the setting of the LOGFORMAT option
+# in shorewall.conf. With the default LOGFORMAT, zone names can
+# be at most 5 characters long.
 #
 # Where a zone is nested in one or more other zones,
 # you may follow the (sub)zone name by ":" and a
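Review bot: The new LOGFORMAT comment in Shorewall/shorewall.conf states the 29-byte limit without saying where it comes from or what happens when a zone name pushes the formatted prefix past it. That looks like the iptables LOG prefix limit; naming it would help, e.g. `# (29 bytes is the maximum length of an iptables log prefix)`, and if longer prefixes are truncated rather than rejected the comment should say so, since a truncated prefix can make log lines from different chains indistinguishable. On this page the phrase "of the form 2" also reads as if a placeholder was lost (presumably two zone names joined by "2", which matches the 11- and 5-character figures), and "The contents" should be lower-case. The identical text in Shorewall-lite/shorewall.conf needs the same touch-ups.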