On 11/25/2012 07:08 PM, Mr Dash Four wrote: > >>>>> Given that specifying a log level affects all rules in the macro >>>>> (except >>>>> NFLOG and ULOG), I wouldn't recommend specifying a log level. >>>>> >>>> >>>> It would be trivial to restrict the affect of a log level to just bare >>>> 'LOG' rules when a macro is used as a default action. If no one objects, >>>> I'll go ahead and make that change. >>> >>> In testing this change, I'm finding that specifying 'macro.Name' isn't >>> working correctly. So for now, macros specified as a default action must >>> not have names that conflict with the name of an action. >> >> Attached are two patches. >> >> DEFAULTMACRO1.patch corrects handling of 'macro.Name'. >> DEFAULTMACRO2.patch limits the application of log levels to bare LOG rules. > I am not sure I understand what you are concerned about and what the problem > is/was: according to your own macros help page > (http://www.shorewall.net/Macros.html - not a dead link this time), if I > specify a log level when executing a macro, this propagates to all statements > within that macro where log level isn't specified. > > I can't see a problem with that - if I wish to explicitly use a log level for > a particular action in a given macro, which is different from the one > specified when the macro is executed, then all I have to do is add it as part > of that action, i.e.: > > C_MACRO > ~~~~~~~ > LOG > AUDIT(drop) > NFLOG(1,0,1):debug
That isn't valid. 'debug' only applies to the LOG target, not the NFLOG target. So the macro handler already excludes NFLOG from the targets that inherit a level from the macro invocation. > NFLOG(2,0,1) > > So, when I execute "C_MACRO:info", this translates to: > > LOG:info > AUDIT(drop):info > NFLOG(1,0,1):debug # unchanged > NFLOG(2,0,1):info > > Isn't that so? True. But I'm not sure that is the desired behavior in the context of a default action. Default actions were created primarily to suppress unwanted log noise, not to amplify it. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
