On 7/20/11 4:14 PM, Steven Jan Springl wrote:
> To get the following rule to work, I applied the LOGMARK patch that you wrote
> for Ed W.
>
> LOG:LOGMARK(info) lan fw tcp 100
>
> If I change the rule to:
>
> LOG:LOGMARK() lan fw tcp 100
>
> The following iptables rule is generated:
>
> -A lan2fw -p 6 --dport 100 -m hashlimit --hashlimit-upto
> 4/sec --hashlimit-burst 8 --hashlimit-name lograte --hashlimit-mode dstip -j
> LOGMARK --log-level --log-prefix "Shorewall:la:"
>
> which produces the following messages:
>
> Use of uninitialized value $sublevel in pattern match (m//)
> at /usr/share/shorewall/Shorewall/Config.pm line 2145, <$currentfile> line
> 18.
>
> Use of uninitialized value $sublevel in concatenation (.) or string
> at /usr/share/shorewall/Shorewall/Config.pm line 2149, <$currentfile> line
> 18.
>
> iptables-restore v1.4.11.1: LOGMARK: Bad value for "--log-level"
> option: "--log-prefix"

Steven,

I had already changed the LOGMARK implementation to make the parameter
optional (default is 6). See if this doesn't correct that problem.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

commit f8be76f47116f34289b184b5badbc4d12597d784 Author: Tom Eastep <[email protected]> Date: Tue Jul 19 11:57:12 2011 -0700 Make LOGMARK work without a parameter. Signed-off-by: Tom Eastep <[email protected]> diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 2eb9158..a275b2f 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -574,6 +574,13 @@ sub initialize( $ ) { MASK_BITS => undef ); + + # + # Valid log levels + # + # Note that we don't include LOGMARK; that is so we can default its + # priority to 'info' (LOGMARK itself defaults to 'warn'). + # %validlevels = ( DEBUG => 7, INFO => 6, NOTICE => 5, @@ -587,7 +594,7 @@ sub initialize( $ ) { PANIC => 0, NONE => '', NFLOG => 'NFLOG', - LOGMARK => 'LOGMARK' ); + ); # # From parsing the capabilities file or capabilities detection @@ -2137,12 +2144,15 @@ sub validate_level( $ ) { return $rawlevel; } - if ( $level =~ /LOGMARK[(](.*)[)]$/ ) { - my $sublevel = $1; - - $sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/; + if ( $level =~ /LOGMARK([(](.+)[)])?$/ ) { + my $sublevel = $2; - level_error( $level ) unless defined $sublevel =~ /^[0-7]$/; + if ( $1 ) { + $sublevel = $validlevels{$sublevel} unless $sublevel =~ /^[0-7]$/; + level_error( $level ) unless defined $sublevel =~ /^[0-7]$/; + } else { + $sublevel = 6; # info + } require_capability ( 'LOG_TARGET' , 'A log level other than NONE', 's' ); require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' ); diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 44858c9..b2c1752 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml 
@@ -80,11 +80,12 @@ <simplelist> <member><emphasis - role="bold">LOGMARK</emphasis><replaceable>(priority)</replaceable></member> + role="bold">LOGMARK[</emphasis><replaceable>(priority)</replaceable><emphasis + role="bold">]</emphasis></member> </simplelist> <para>where <replaceable>priority</replaceable> is one of the levels - listed in the list above.</para> + listed in the list above. If omitted, the default is info (6).</para> <para>The following options may be set in shorewall.conf.</para>
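
Review bot: In the validate_level hunk, the carried-over check "level_error( $level ) unless defined $sublevel =~ /^[0-7]$/;" can never fire. In Perl, =~ binds tighter than the named unary operator defined, so the condition is defined( $sublevel =~ /^[0-7]$/ ), and a pattern match in scalar context always returns a defined value. With an unknown name such as LOGMARK(foo), $validlevels{$sublevel} yields undef, the match then warns about an uninitialized $sublevel, and the level is not rejected at this point. Suggest "level_error( $level ) unless defined $sublevel && $sublevel =~ /^[0-7]$/;". The pattern /LOGMARK([(](.+)[)])?$/ also has no ^ anchor, so any string that merely ends in LOGMARK matches it; anchoring the start would be tighter.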
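
Review bot: The manpage paragraph in the shorewall.conf.xml hunk does not say that the parentheses have to be dropped together with the priority. The new pattern in validate_level uses (.+) between the parentheses, so LOGMARK and LOGMARK(info) match, but LOGMARK() with empty parentheses does not, and that is the form reported earlier in this thread. Suggest either extending the sentence "If omitted, the default is info (6)." to state that the parentheses are omitted as well, or accepting empty parentheses in the pattern so both spellings select the default.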
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
