From fade3ef43c85fc80c1899f082418e2ab3841dec0 Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 11 Mar 2005 19:23:02 +0000
Subject: [PATCH] Fix log-rule generation patch

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1998 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Lrp2/usr/share/shorewall/firewall | 16 ++++++++++++++--
 Shorewall2/firewall | 16 ++++++++++++++--
 Shorewall2/tcrules | 2 +-
 3 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/Lrp2/usr/share/shorewall/firewall b/Lrp2/usr/share/shorewall/firewall
index c4537e44a..38569020d 100755
--- a/Lrp2/usr/share/shorewall/firewall
+++ b/Lrp2/usr/share/shorewall/firewall
@@ -1303,10 +1303,22 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
 case $level in
 ULOG)
- run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 *)
- run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 esac
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index c4537e44a..38569020d 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
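Review bot: In the new `error_message` calls of both the ULOG and the default branch, `$@` sits inside a double-quoted string, so the message is split into one argument per positional parameter instead of arriving as a single string; use `$*` there, e.g. `error_message "ERROR: Command \"$IPTABLES $command $chain $* $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\"\" Failed"`. The `$IPTABLES` command lines still expand `$@` unquoted, so a match argument containing whitespace would be re-split even though `"$prefix"` is passed quoted; worth confirming that callers never pass one. When `$stopping` is set, a failed insertion is dropped without any message, which leaves a logging rule absent with no trace, so a warning in that case would keep the gap visible to whoever audits the ruleset. The identical hunk in Shorewall2/firewall carries the same points, and log_rule_limit's body starts and ends outside the hunk.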
@@ -1303,10 +1303,22 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
 case $level in
 ULOG)
- run_iptables $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 *)
- run_iptables $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"
+ if ! $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"; then
+ if [ -z "$stopping" ]; then
+ error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\"\" Failed"
+ stop_firewall
+ exit 2
+ fi
+ fi
 ;;
 esac
diff --git a/Shorewall2/tcrules b/Shorewall2/tcrules
index 41c132641..4c2009af0 100755
--- a/Shorewall2/tcrules
+++ b/Shorewall2/tcrules
@@ -41,7 +41,7 @@
 # C - Mark the connection in the chain determined
 # by the setting of MARK_IN_FORWARD_CHAIN
 #
-# CF: Mark the conneciton in the FORWARD chain
+# CF: Mark the connection in the FORWARD chain
 #
 # CP: Mark the connection in the PREROUTING chain.
 #