Robert Moskowitz wrote:
> How does LOGFORMAT in shorewall.conf control the length of the zone name
> as discussed in the zones man page?
>
> The default max length is 5.
The maximum length of an iptables log prefix is 29 bytes. As explained
in the shorewall.conf manpage, the default LOGPREFIX formatting string
is “Shorewall:%s:%s:” where the first %s is replaced by the chain name
and the second is replaced by the disposition.
- The default formatting string has 12 fixed characters ("Shorewall" and
three colons).
- The longest of the standard dispositions are ACCEPT and REJECT which
have 6 characters each.
- The canonical name for the chain containing the rules for traffic
going from zone 1 to zone 2 is "<zone 1>2<zone 2>". So if M is the
maximum zone name length, such chains can have length 2*M + 1.
12 + 6 + 2*M + 1 = 29
which reduces to
2*M = 29 - 12 - 6 = 11
or
M = 5
> What would I specify in LOGFORMAT to allow
> a 6 character zone name?
Something with at least two fewer fixed characters than the default.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
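The length budget worked through in the reply above, as an added example that is not part of the original message or of Shorewall's own code. It assumes the model the reply describes (a 29-byte limit, a format string with exactly two %s placeholders, "<zone 1>2<zone 2>" chain names); the zone names and the shortened format string are constructed.

```python
IPTABLES_PREFIX_MAX = 29  # bytes, the limit stated in the reply


def fixed_chars(logformat):
    """Count the characters left once both %s placeholders are removed."""
    if logformat.count("%s") != 2:
        raise ValueError("expected exactly two %s placeholders (chain, disposition)")
    return len(logformat.replace("%s", ""))


def max_zone_len(logformat, longest_disposition=6):
    """Largest M such that fixed + disposition + (2*M + 1) fits in the limit."""
    room = IPTABLES_PREFIX_MAX - fixed_chars(logformat) - longest_disposition - 1
    return max(room // 2, 0)


def overflowing_prefixes(logformat, zones, dispositions=("ACCEPT", "REJECT", "DROP")):
    """Return (prefix, length) for every zone pair and disposition over the limit."""
    fixed_chars(logformat)  # validate the placeholder count up front
    too_long = []
    for src in zones:
        for dst in zones:
            if src == dst:
                continue
            chain = f"{src}2{dst}"  # canonical chain name for src -> dst traffic
            for disp in dispositions:
                prefix = logformat.replace("%s", chain, 1).replace("%s", disp, 1)
                size = len(prefix.encode())
                if size > IPTABLES_PREFIX_MAX:
                    too_long.append((prefix, size))
    return too_long


if __name__ == "__main__":
    default = "Shorewall:%s:%s:"
    shorter = "Shorewa:%s:%s:"       # constructed: two fewer fixed characters
    zones = ["office", "guests"]     # constructed 6-character zone names
    print("default format, max zone length:", max_zone_len(default))
    print("shorter format, max zone length:", max_zone_len(shorter))
    for prefix, size in overflowing_prefixes(default, zones):
        print(f"{size} bytes, over the limit: {prefix}")
```
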
