-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-05-19 17:01, Tom Eastep wrote:
>> So did you really change the value by intention and want to keep
>> it in default shorewall.conf?
>
> The change was intentional; it allows for longer zone names than
> the previous setting. If an existing user performs a 'shorewall
> update' and LOGFORMAT is not set in the existing .conf file, then
> the setting will be updated to use "Shorewall:%s:%s", so that
> existing filters and parsing scripts will continue to work.
OK. I now understand the intention but I think it is always a bad idea
to ship a default configuration file which differs from the actual
default value.
For Gentoo I think I'll change the value in shorewall.conf back to
LOGFORMAT="Shorewall:%s:%s:"
Idea behind this:
1) If we change the value, people upgrading existing installations
will be prompted to change this value in their existing
configuration as well.
Users not really familiar with this setting won't understand the
impact unless they notice their firewall logs aren't processed
anymore.
2) Until shorewall will change the default value as well, i.e. the
value shorewall will set when the option isn't set, it will be
very confusing and packages shipping log parsers will stick with
the default value.
3) The current limited zone names were working fine in the past, not?
So only people who actually wants longer names will change this
option. And these people will understand the impact so we can
assume they will be able to adjust syslog filters, logwatch scripts
or anything else processing their firewall logs as well.
Am I wrong? Am I missing something? Or is that a bad idea and would
you suggest to stick with
LOGFORMAT="%s %s "
?
- --
Regards,
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0
iQJ8BAEBCgBmBQJZIBAhXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5
NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IigsP/isZBvWaizlEL+RkhfBOYlPr
Hjx3pS3socC7vpKWgr7KTFvvj8DjBvl28AITM42Glqt/pQj3rXGtGdwWWjUquaiy
bmXmG4A46T7SOVCuEoc1PwQKVOIp6yHOdF/1S33y+nE/gVWg2+CGhV3zTaPGsDQS
etZbQX8Fs+mG3XYEMvVe0ZdLqPfUjtxRvc4nwdpakKqMkooZUseICAHBG+LTb1nE
5gGcuzNp02MKXC42umRM564lo5DJEJaC0ywX7by3tCgnScNNIV/B3svONtVQyjMv
sBnLwe8Ff9kjNTjIo7E3TgIaEDNADFIEbGG0doBlkaZfdDrms+iopEPj3yiU7HAt
YP/AOc5ydznJV42XLCBbmgVKDkV+XXtaflvEE/auwSvr1BG1QgEuyAT3Pu6dEudL
E+jyrWd13G3enN2pVwYHdJYdP6g7mF+/XkS+6TZYjiVpYO60LBiylyxZbeioDasq
dMB3ttHFKa+8cjeWjkI9WYjkTR+Orvq/0fstjSV1RHCRlgW3I+3qTnPVIUPsePKN
C1Z+77UyZmj83RL8aqEnG1CsEn4bXYEZDag52ns9+nQaQwxhGCIpuDcxMx+B2JaR
28ReE6lTxGXWiRPp9QinZzHEkLhFyJhL8gVkPAkSmquBY6U2r6rzQv3Pl2ZXtfbM
5eL5Ll6zqG74qXXsTk3M
=y73X
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
