On 2/1/22 15:22, Wayne S wrote:
I have defined in params
LOGINFO="NFLOG(7,,)"

In shorewall.config I have
LOG_LEVEL="$LOGINFO"

ulogd2.service is running just fine with group 7:

  ulogd[924]: building new pluginstance stack: 'log7:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu7:LOGEMU'

But checking shorewall I get:

Checking using Shorewall 5.2.3.4...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Checking /etc/shorewall/hosts...
Determining Hosts in Zones...
Locating Action Files...
    ERROR: Invalid log level (NFLOG(7,-,)) /usr/share/shorewall/actions.std (EOF)

If I change this line in shorewall.config, by removing :$LOG_LEVEL:

BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"

to

BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn,dropInvalid,DropDNSrep"

Shorewall runs just fine. $LOG_LEVEL is used elsewhere with no problems.

Is this an issue with my configuration or with shorewall?


It's a Shorewall quirk that you can work around by changing your params entry to:

LOGINFO="NFLOG(7)"

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users