On 11/25/2012 10:05 AM, Tom Eastep wrote:
On 11/25/2012 09:37 AM, Tom Eastep wrote:
On 11/25/2012 09:02 AM, Tom Eastep wrote:
On 11/25/2012 05:00 AM, Mr Dash Four wrote:
Given that specifying a log level affects all rules in the macro (except
NFLOG and ULOG), I wouldn't recommend specifying a log level.
It would be trivial to restrict the affect of a log level to just bare
'LOG' rules when a macro is used as a default action. If no one objects,
I'll go ahead and make that change.
In testing this change, I'm finding that specifying 'macro.Name' isn't
working correctly. So for now, macros specified as a default action must
not have names that conflict with the name of an action.
Attached are two patches.
DEFAULTMACRO1.patch corrects handling of 'macro.Name'.
DEFAULTMACRO2.patch limits the application of log levels to bare LOG rules.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 4c2ac3b..2c45ec6 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -361,10 +361,12 @@ sub process_a_policy() {
$default = supplied $param ? normalize_action( $def, 'none', $param ) : normalize_action_name $def;
use_policy_action( $default );
} elsif ( find_macro( $def ) ) {
- $default = join( '.', 'macro', $def ) unless $default =~ /^macro./;
+ $def = join( '.', 'macro', $def ) unless $default =~ /^macro./;
if ( supplied $param ) {
validate_level($param);
- $default = join( ':', $default, $param );
+ $default = join( ':', $def, $param );
+ } else {
+ $default = $def;
}
} else {
fatal_error "Unknown Default Action ($default)";
@@ -1151,7 +1153,10 @@ sub merge_levels ($$) {
sub find_macro( $ )
{
my $macro = $_[0];
- my $macrofile = find_file( $macro =~ /^macro\./ ? $macro : "macro.$macro" );
+
+ $macro =~ s/^macro.//;
+
+ my $macrofile = find_file "macro.$macro";
if ( -f $macrofile ) {
$macros{$macro} = $macrofile;
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 45c66d8..2c45ec6 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1656,7 +1656,11 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
next;
}
- $mtarget = merge_levels $target, $mtarget;
+ unless ( $section eq 'DEFAULTACTION' ) {
+ $mtarget = merge_levels $target, $mtarget;
+ } else {
+ $mtarget = merge_levels( $target, $mtarget ) if $mtarget eq 'LOG';
+ }
if ( $mtarget =~ /^PARAM(:.*)?$/ ) {
fatal_error 'PARAM requires a parameter to be supplied in macro invocation' unless $param ne '';
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
