On 11/4/2014 5:05 PM, Thomas D. wrote: > Hi, > > On 2014-11-05 01:30, Tom Eastep wrote: >> I'm tempted to remove the LOG_BACKEND option until those guys make up >> their minds. > > I understand, but this option is really helpful. See all the recurring > error reports regarding not working logging... due to the "wrong" set > nf_log module. > > Maybe we can support custom values: > > The documentation should tell the users where they find the supported > value for the LOG_BACKEND option for their system (i.e. telling them to > run "cat /proc/net/netfilter/nf_log"...). We should tell them why this > value is system dependent. > > Maybe shorewall can validate the value on check/compile. At least > shorewall should catch the error when setting the log backend failed and > show an useful error message telling the user what's the problem and how > they can fix it. Something like > >> Compiling... >> Processing /etc/shorewall/params ... >> Processing /etc/shorewall/shorewall.conf... >> Loading Modules... >> ERROR: Invalid LOG Backend (ipt_LOG) >> The current active kernel supports the following LOG Backends: >> - nf_log_ipv4 >> - nfnetlink_log >> See `man 5 shorewall.conf` for more details > > ...and in shorewall.conf's man page we would explain everything.
In general, the compiler can't validate the value since it can be running on a system other than where the firewall is to run under Shorewall-lite. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
