On 11/4/2014 5:05 PM, Thomas D. wrote: > Hi, > > On 2014-11-05 01:30, Tom Eastep wrote: >> I'm tempted to remove the LOG_BACKEND option until those guys make up >> their minds. > > I understand, but this option is really helpful. See all the recurring > error reports regarding not working logging... due to the "wrong" set > nf_log module. > > Maybe we can support custom values: > > The documentation should tell the users where they find the supported > value for the LOG_BACKEND option for their system (i.e. telling them to > run "cat /proc/net/netfilter/nf_log"...). We should tell them why this > value is system dependent. > > Maybe shorewall can validate the value on check/compile. At least > shorewall should catch the error when setting the log backend failed and > show an useful error message telling the user what's the problem and how > they can fix it. Something like > >> Compiling... >> Processing /etc/shorewall/params ... >> Processing /etc/shorewall/shorewall.conf... >> Loading Modules... >> ERROR: Invalid LOG Backend (ipt_LOG) >> The current active kernel supports the following LOG Backends: >> - nf_log_ipv4 >> - nfnetlink_log >> See `man 5 shorewall.conf` for more details > > ...and in shorewall.conf's man page we would explain everything.
Please give the attached patch a try. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Proc.pm b/Shorewall/Perl/Shorewall/Proc.pm
index 58955fc..53d4725 100644
--- a/Shorewall/Perl/Shorewall/Proc.pm
+++ b/Shorewall/Perl/Shorewall/Proc.pm
@@ -356,15 +356,35 @@ sub setup_log_backend($) {
emit( 'progress_message2 "Setting up log backend"',
'',
- "if [ -f $file ]; then",
- " if echo $setting > $file; then",
- " progress_message 'Log Backend set to $setting'",
- ' else',
- " error_message 'WARNING: Unable to set log backend to
$setting'",
- ' fi',
- 'else',
- " error_message 'WARNING: $file does not exist - log backend
not set'",
- "fi\n" );
+ "if [ -f $file ]; then"
+ );
+
+ if ( $setting =~ /ip6?t_log/i ) {
+ my $alternative = 'nf_log_ipv' . $family;
+
+ emit( " setting=$setting",
+ '',
+ " fgrep -q $setting /proc/net/netfilter/nf_log ||
setting=$alternative",
+ '',
+ " if echo \$setting > $file; then",
+ ' progress_message "Log Backend set to $setting"',
+ ' else',
+ ' error_message "WARNING: Unable to set log backend to
$setting"',
+ ' fi',
+ 'else',
+ " error_message 'WARNING: $file does not exist - log
backend not set'",
+ "fi\n"
+ );
+ } else {
+ emit( " if echo $setting > $file; then",
+ " progress_message 'Log Backend set to $setting'",
+ ' else',
+ " error_message 'WARNING: Unable to set log backend to
$setting'",
+ ' fi',
+ 'else',
+ " error_message 'WARNING: $file does not exist - log
backend not set'",
+ "fi\n" );
+ }
}
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
