diff --git a/Lrp2/usr/share/shorewall/firewall b/Lrp2/usr/share/shorewall/firewall
index c4537e44a..38569020d 100755
--- a/Lrp2/usr/share/shorewall/firewall
+++ b/Lrp2/usr/share/shorewall/firewall
@@ -1303,10 +1303,22 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
 case $level in
 ULOG)
- run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 *)
- run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 esac
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index c4537e44a..38569020d 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
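Review bot: In both added `error_message` calls of the log_rule_limit hunk for Lrp2/usr/share/shorewall/firewall, `$@` is expanded inside a double-quoted string, so when the rule has more than one argument the message is split into several words rather than passed as one string; use `$*` there, e.g. `... $command $chain $* $limit -j ULOG ...`. The `$@` on the two `$IPTABLES` command lines is also unquoted, so only `"$prefix"` is protected from re-splitting; `"$@"` would keep the caller's argument boundaries, assuming no caller relies on the split. When `$stopping` is set, a failed logging rule is dropped with no message, which deserves a comment such as `# when stopping, a failed log rule is skipped without a message` because it silently reduces logging coverage. The identical hunk in Shorewall2/firewall needs the same changes; log_rule_limit begins and ends outside the hunk, so how error_message treats extra arguments is not visible here.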
@@ -1303,10 +1303,22 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
 case $level in
 ULOG)
- run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 *)
- run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 esac
diff --git a/Shorewall2/tcrules b/Shorewall2/tcrules
index 41c132641..4c2009af0 100755
--- a/Shorewall2/tcrules
+++ b/Shorewall2/tcrules
@@ -41,7 +41,7 @@
 # C - Mark the connection in the chain determined
 # by the setting of MARK_IN_FORWARD_CHAIN
 #
-# CF: Mark the conneciton in the FORWARD chain
+# CF: Mark the connection in the FORWARD chain
 #
 # CP: Mark the connection in the PREROUTING chain.
 #