On Thursday 21 July 2011 00:45:36 Tom Eastep wrote: > On 7/20/11 4:40 PM, Steven Jan Springl wrote: > > On Thursday 21 July 2011 00:24:10 Tom Eastep wrote: > >> On 7/20/11 4:14 PM, Steven Jan Springl wrote: > >>> To get the following rule to work, I applied the LOGMARK patch that you > >>> wrote for Ed W. > >>> > >>> LOG:LOGMARK(info) lan fw tcp 100 > >>> > >>> If I change the rule to: > >>> > >>> LOG:LOGMARK() lan fw tcp 100 > >>> > >>> The following iptables rule is generated: > >>> > >>> -A lan2fw -p 6 --dport 100 -m hashlimit --hashlimit-upto > >>> 4/sec --hashlimit-burst 8 --hashlimit-name lograte --hashlimit-mode > >>> dstip -j LOGMARK --log-level --log-prefix "Shorewall:la:" > >>> > >>> which produces the following messages: > >>> > >>> Use of uninitialized value $sublevel in pattern match (m//) > >>> at /usr/share/shorewall/Shorewall/Config.pm line 2145, <$currentfile> > >>> line 18. > >>> > >>> Use of uninitialized value $sublevel in concatenation (.) or string > >>> at /usr/share/shorewall/Shorewall/Config.pm line 2149, <$currentfile> > >>> line 18. > >>> > >>> iptables-restore v1.4.11.1: LOGMARK: Bad value for "--log-level" > >>> option: "--log-prefix" > >> > >> Steven, > >> > >> I had already changed the LOGMARK implementation to make the parameter > >> optional (default is 6). See if this doesn't correct that problem. > >> > >> Thanks, > >> -Tom > > > > Tom > > > > After applying the patch, I get the following message: > > > > ERROR: Invalid log level (LOGMARK()) : /etc/shorewallA/rules (line 18) > > That's what I expected. The syntax shown in the manpage part of the > patch is: > > LOGMARK[(<priority>)] > > where <priority> is a syslog priority. It doesn't indicate that > <priority> is optional. > > -Tom
Tom Sorry, I missed that. If I change the rule to: LOG:LOGMARK(1,0) lan fw tcp 100 The following message are produced: Use of uninitialized value $sublevel in pattern match (m//) at /usr/share/shorewall/Shorewall/Config.pm line 2152, <$currentfile> line 18. Use of uninitialized value $sublevel in concatenation (.) or string at /usr/share/shorewall/Shorewall/Config.pm line 2159, <$currentfile> line 18. iptables-restore v1.4.11.1: LOGMARK: Bad value for "--log-level" option: "--log-prefix" Steven. ------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
