> Please send me a test case. If the fix is simple enough, I can include
> it in this release.
>
rules
~~~~~
SECTION RELATED
ESLOG(log,-,-,-,ACCEPT,-,log_ssh_related=0) $FW net:+ssh-local-hosts
action.ESLOG
~~~~~~~~~~~~~~
?IF $5 eq 'Drop'
$5
?ENDIF
?IF $6
?SET p6 $6
?ELSE
?SET p6 @{chain}
?ENDIF
ALOG($1,$2,$3,$4,$5,$p6) ; switch:${p6}_${7}
?IF $5 && (! ($5 eq 'Drop'))
$5
?ENDIF
action.ALOG
~~~~~~~~~~~~~~
?IF $5
?SET @disposition $5
?ENDIF
?IF $6
?SET @chain $6
?ENDIF
?IF $1
LOG:$LOG_OPTIONS
?ENDIF
?IF $2
NFLOG($2,0,1)
?ENDIF
?IF $3
NFLOG($3,0,1)
?ENDIF
?IF $4
AUDIT($4)
?ENDIF
produces:
:%ALOG10 - [0:0]
[...]
-A %ALOG10 -j LOG --log-tcp-options --log-ip-options --log-macdecode --log-tcp-sequence --log-uid --log-level 6 --log-prefix "Shorewall:fw2net:ACCEPT:"
[...]
-A +fw2net -m condition --condition fw2net_log_ssh_related -m set --match-set ssh-local-hosts dst -j %ALOG10
This can be optimised to:
-A +fw2net -m condition --condition fw2net_log_ssh_related -m set --match-set ssh-local-hosts dst -j LOG --log-tcp-options --log-ip-options --log-macdecode --log-tcp-sequence --log-uid --log-level 6 --log-prefix "Shorewall:fw2net:ACCEPT:"
and the whole %ALOG10 chain (plus the additional jump to it) wiped out.
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
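Added example, not part of the post and not Shorewall's compiler: a Python sketch of the inlining the post asks for, run over constructed iptables-save text modelled on the quoted rules. It folds a user chain into its caller only when the chain holds exactly one match-free, non-RETURN rule and is referenced exactly once by a plain -j, which is the condition under which a packet sees the same rule sequence before and after; chains that jump to other single-rule chains are folded repeatedly.

```python
import shlex

# Constructed sample in iptables-save form, modelled on the rules quoted in the post.
SAMPLE = """\
:%ALOG10 - [0:0]
:+fw2net - [0:0]
-A %ALOG10 -j LOG --log-level 6 --log-prefix "Shorewall:fw2net:ACCEPT:"
-A +fw2net -m condition --condition fw2net_log_ssh_related -m set --match-set ssh-local-hosts dst -j %ALOG10"""


def parse_rules(text):  # iptables-save text -> chain / rule / passthrough entries
    entries = []
    for ln in (raw.strip() for raw in text.splitlines()):
        if ln.startswith(':'):
            name, policy = ln[1:].split()[:2]
            entries.append({'kind': 'chain', 'name': name, 'policy': policy, 'line': ln})
        elif ln.startswith('-A '):
            tok = shlex.split(ln, posix=False)  # posix=False keeps the "..." quoting as-is
            j = next((i for i, t in enumerate(tok) if t in ('-j', '-g')), len(tok))
            entries.append({'kind': 'rule', 'chain': tok[1], 'matches': tok[2:j], 'target': tok[j:]})
        elif ln:
            entries.append({'kind': 'raw', 'line': ln})
    return entries


def _inline_one(entries):  # fold one eligible chain into its single caller; True if one was folded
    body, refs = {}, {}
    for r in (e for e in entries if e['kind'] == 'rule'):
        body.setdefault(r['chain'], []).append(r)
        if len(r['target']) >= 2:  # every -j/-g reference counts, not only plain jumps
            refs.setdefault(r['target'][1], []).append(r)
    for c in (e for e in entries if e['kind'] == 'chain' and e['policy'] == '-'):
        inner, callers = body.get(c['name'], []), refs.get(c['name'], [])
        if len(inner) != 1 or len(callers) != 1 or callers[0]['target'] != ['-j', c['name']]:
            continue
        tgt = inner[0]['target']
        # Only a match-free, non-RETURN rule keeps its meaning once it sits in the caller.
        if inner[0]['matches'] or len(tgt) < 2 or tgt[0] != '-j' or tgt[1] == 'RETURN':
            continue
        callers[0]['target'] = tgt
        entries.remove(c)
        entries.remove(inner[0])
        return True
    return False


def inline_single_rule_chains(text):  # ruleset with single-rule, single-caller chains folded away
    entries = parse_rules(text)
    while _inline_one(entries):
        pass  # repeat so that a chain whose only rule jumps to another such chain folds too
    return '\n'.join(' '.join(['-A', e['chain']] + e['matches'] + e['target'])
                     if e['kind'] == 'rule' else e['line'] for e in entries)
```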