On Wednesday 02 May 2007 16:40, Tom Eastep wrote: > Steven Jan Springl wrote: > > Tom > > > > A couple of issues with log tag. > > > > Rule: > > > > ACCEPT:warn:mail $FW lan:192.168.0.3 tcp 25 > > > > generates iptables rule: > > > > -A fw2lan -p 6 --dport 25 -d 192.168.0.3 -j LOG --log-level > > 4 --log-prefix "Shorewall:mail:ACCEPT:" > > > > The documentation states that log tag is appended to the end of LOGPREFIX > > which should give --log-prefix: > > > > "Shorewall:fw2lan:ACCEPT:mail:" > > I'm not seeing that here: > > -A fw2lan -p 6 --dport 25 -d 192.168.0.3 -j LOG --log-level 4 --log-prefix > "Shorewall:fw2lan:ACCEPT:mail " > > > The second issue. > > > > The log level is passed to macros but the log tag is not. > > > > rule: > > > > sjs/ACCEPT:warn:test $FW lan:192.168.0.3 > > > > macro sjs: > > > > PARAM - - tcp 22 > > > > generates rule: > > > > -A fw2lan -p 6 --dport 22 -d 192.168.0.3 -j LOG --log-level > > 4 --log-prefix "Shorewall:fw2lan:ACCEPT:" > > > > If the rule is changed (! is added) to: > > > > sjs/ACCEPT:warn!:test $FW $L3 > > > > then the log tag is passed to macros. > > Fixed in revision 6191. > > -Tom
Tom I am sorry for wasting your time. The first issue was caused by LOGTAGONLY=Yes in shorewall.conf. In my defence, I had read the shorewall.conf man page, but LOGTAGONLY is not listed. Steven. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
