[Shorewall-users] LOGFORMAT string is replaced by "--log-prefix"

[Daniel Meißner]

Hello,

I upgraded some of my boxes from shorewall version 4.5.3-1 to 4.5.5.1
release, available in Robertos Debian repository. On one of them is the
LOGFORMAT string, defined in shorewall.conf, replaced by the iptables
option "--log-prefix". I can't determine what the problem really is.

Syslog:
Jun 29 22:44:40 server kernel: [858843.474143] --log-prefixIN=eth0
OUT= MAC=00:0e:7f:7d:72:32:74:8e:f8:60:e0:41:08:00
SRC=192.168.1.23 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x00 TTL=122
ID=49330 PROTO=TCP SPT=29454 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 

# shorewall show
[…]
4   605 LOG        all  --  *      *       0.0.0.0/0
0.0.0.0/0            LOG flags 0 level 6 prefix "--log-prefix"
[…]

/etc/shorewall/shorewall.conf:
[…]
BLACKLIST_LOGLEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
[…]

$ uname -r -v -i -o
3.2.0-2-686-pae #1 SMP Mon Jun 11 18:27:04 UTC 2012 unknown GNU/Linux

$ cat /etc/debian_version 
wheezy/sid

# iptables --version
iptables v1.4.14

Any ideas what could be the problem? If you need further information,
tell me what you need to know.


Something else, which have nothing to do with the
problem described above. When I restart shorewall with
STARTUP_ENABLED=No, I get a very nice error message, but with a wrong
shorewall.conf path in it.

# shorewall restart
  ERROR: Shorewall startup is disabled. To enable startup, set
STARTUP_ENABLED=Yes in /etc/shorewall.conf

I think ${CONFDIR} should be ${g_confdir} in this context. Patch is
attached.

Thanks for your help!

Cheers,
Daniel.

diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index bd9d0d3..1e68e70 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -181,7 +181,7 @@ get_config() {
  if [ "$2" = Yes ]; then
      case $STARTUP_ENABLED in
    No|no|NO)
-       echo "   ERROR: $g_product startup is disabled. To enable
startup, set STARTUP_ENABLED=Yes in ${CONFDIR}/${g_program}.conf" >&2
+       echo "   ERROR: $g_product startup is disabled. To enable
startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf" >&2
exit 2 ;;
    Yes|yes|YES)

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users