Added /sbin in front of two sysctl statements that were producing errors
in a few systems.

Added control option FIREHOL_LOG_LEVEL and the optional argument 'level'
to the 'log' parameter in order to accept custom log levels per rule.

Now, to have different log levels, one could write:

	server dhcp accept log "my-dhcp" src 1.1.1.1

to get the default controlled by FIREHOL_LOG_LEVEL, or

	server dhcp accept log "my-dhcp" level critical src 1.1.1.1

Note that the 'level' is NOT a FireHOL optional rule parameter. It is an
optional argument to the 'log' parameter. This for example is invalid:

	server dhcp accept level critical log "my-dhcp" src 1.1.1.1

The new definition of the 'log' optional rule parameter is:

                    log "some text" [level a_level]
ktsaou 2003-02-11 22:20:07 +00:00
parent 066bfbd749
commit 3bbb0bb505
2 changed files with 28 additions and 10 deletions

@ -140,6 +140,8 @@ service_dhcprelay_notes="DHCP Relay.
<p>
For more information about DHCP Relay see section 9.1.2 of
<a href=\"http://www.ietf.org/rfc/rfc1812.txt?number=1812\">RFC 1812</a>
and section 4 of
<a href=\"http://www.ietf.org/rfc/rfc1542.txt?number=1542\">RFC 1542</a>
"
@ -495,7 +497,7 @@ cat <<"EOF"
<tr><td align=center valign=middle>
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&amp;type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
</td><td align=center valign=middle>
<small>$Id: create_services.sh,v 1.22 2003/02/03 23:11:49 ktsaou Exp $</small>
<small>$Id: create_services.sh,v 1.23 2003/02/11 22:20:18 ktsaou Exp $</small>
<p>
<b>FireHOL</b>, a firewall for humans...<br>
&copy; Copyright 2002

@ -10,7 +10,7 @@
#
# config: /etc/firehol.conf
#
# $Id: firehol.sh,v 1.89 2003/02/03 23:11:49 ktsaou Exp $
# $Id: firehol.sh,v 1.90 2003/02/11 22:20:07 ktsaou Exp $
#
@ -63,8 +63,9 @@ UNMATCHED_ROUTER_POLICY="DROP"
# Options for iptables LOG action.
# These options will be added to all LOG actions FireHOL will generate.
# To change them, type such a line in the configuration file.
# FIREHOL_LOG_OPTIONS="--log-level warning --log-tcp-sequence --log-tcp-options --log-ip-options"
FIREHOL_LOG_OPTIONS="--log-level warning"
# FIREHOL_LOG_OPTIONS="--log-tcp-sequence --log-tcp-options --log-ip-options"
FIREHOL_LOG_OPTIONS=""
FIREHOL_LOG_LEVEL="warning"
FIREHOL_LOG_FREQUENCY="1/second"
FIREHOL_LOG_BURST="5"
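Review bot: the new default drops "--log-level warning" from FIREHOL_LOG_OPTIONS and moves it into FIREHOL_LOG_LEVEL, but nothing here tells users whose existing firehol.conf still sets FIREHOL_LOG_OPTIONS with --log-level that the rule generator will now append its own --log-level as well, so such a config passes the option twice to iptables. Suggest a comment above FIREHOL_LOG_LEVEL stating that --log-level must no longer appear in FIREHOL_LOG_OPTIONS and that FIREHOL_LOG_LEVEL takes the same values iptables accepts for --log-level.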
@ -79,8 +80,8 @@ DEFAULT_CLIENT_PORTS="1000:65535"
# Get the default client ports from the kernel configuration.
# This is formed to a range of ports to be used for all "default"
# client ports when the client specified is the localhost.
LOCAL_CLIENT_PORTS_LOW=`sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 1`
LOCAL_CLIENT_PORTS_HIGH=`sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 2`
LOCAL_CLIENT_PORTS_LOW=`/sbin/sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 1`
LOCAL_CLIENT_PORTS_HIGH=`/sbin/sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 2`
LOCAL_CLIENT_PORTS="${LOCAL_CLIENT_PORTS_LOW}:${LOCAL_CLIENT_PORTS_HIGH}"
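Review bot: hardcoding /sbin/sysctl fixes the PATH problem on some systems but breaks the script on any system where sysctl is installed elsewhere, and when the command fails both backtick pipelines yield empty strings, so LOCAL_CLIENT_PORTS becomes ":" silently instead of raising an error. Suggest resolving the binary once (try /sbin/sysctl, then /usr/sbin/sysctl, then `which sysctl`) and checking that LOCAL_CLIENT_PORTS_LOW and LOCAL_CLIENT_PORTS_HIGH are non-empty numbers before building the range, falling back to DEFAULT_CLIENT_PORTS otherwise.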
@ -1757,6 +1758,7 @@ rule() {
local log=
local logtxt=
local loglevel=
local limit=
local burst=
@ -2213,6 +2215,13 @@ rule() {
logtxt="${2}"
fi
shift 2
if [ "${1}" = "level" ]
then
loglevel="${2}"
shift 2
else
loglevel="${FIREHOL_LOG_LEVEL}"
fi
;;
loglimit|LOGLIMIT)
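Review bot: loglevel="${2}" is taken verbatim with no validation, so a level name iptables does not recognise only surfaces when the generated iptables command runs, and if `level` is the last word on the rule line ${2} is empty and --log-level "" is emitted. Suggest checking before the shift 2 that ${2} is non-empty and is one of the level names (or numbers 0-7) iptables accepts, and reporting the offending rule otherwise.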
@ -2223,6 +2232,13 @@ rule() {
logtxt="${2}"
fi
shift 2
if [ "${1}" = "level" ]
then
loglevel="${2}"
shift 2
else
loglevel="${FIREHOL_LOG_LEVEL}"
fi
;;
limit|LIMIT)
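Review bot: this block is an exact copy of the `level` handling added to the log case above, and the two copies will drift apart over time. Suggest moving the shared parsing of "text" [level x] into a small helper called from both the log and loglimit cases.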
@ -2709,11 +2725,11 @@ rule() {
;;
limit)
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j LOG ${FIREHOL_LOG_OPTIONS} --log-prefix="${logtxt}:"
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j LOG ${FIREHOL_LOG_OPTIONS} --log-level "${loglevel}" --log-prefix="${logtxt}:"
;;
normal)
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -j LOG ${FIREHOL_LOG_OPTIONS} --log-prefix="${logtxt}:"
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -j LOG ${FIREHOL_LOG_OPTIONS} --log-level "${loglevel}" --log-prefix="${logtxt}:"
;;
*)
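Review bot: --log-level "${loglevel}" is appended after ${FIREHOL_LOG_OPTIONS} in both the limit and normal branches, so an administrator whose FIREHOL_LOG_OPTIONS still carries --log-level (the previous default) will have iptables receive the option twice on every LOG rule, which iptables treats as an error. Suggest either stripping --log-level from FIREHOL_LOG_OPTIONS before it is used here or documenting the incompatibility next to the FIREHOL_LOG_LEVEL default.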
@ -3165,7 +3181,7 @@ case "${arg}" in
else
cat <<"EOF"
$Id: firehol.sh,v 1.89 2003/02/03 23:11:49 ktsaou Exp $
$Id: firehol.sh,v 1.90 2003/02/11 22:20:07 ktsaou Exp $
(C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
@ -3333,7 +3349,7 @@ then
cat <<"EOF"
$Id: firehol.sh,v 1.89 2003/02/03 23:11:49 ktsaou Exp $
$Id: firehol.sh,v 1.90 2003/02/11 22:20:07 ktsaou Exp $
(C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net