Added /sbin in front of two sysctl statements that were producing errors
in a few systems.

Added control option FIREHOL_LOG_LEVEL and the optional argument 'level' to the 'log' parameter in order to accept custom log levels per rule. Now, to have different log levels, one could write:

    server dhcp accept log "my-dhcp" src 1.1.1.1

to get the default controlled by FIREHOL_LOG_LEVEL, or

    server dhcp accept log "my-dhcp" level critical src 1.1.1.1

Note that the 'level' is NOT a FireHOL optional rule parameter. It is an optional argument to the 'log' parameter. This, for example, is invalid:

    server dhcp accept level critical log "my-dhcp" src 1.1.1.1

The new definition of the 'log' optional rule parameter is:

    log "some text" [level a_level]
parent
066bfbd749
commit
3bbb0bb505
@ -140,6 +140,8 @@ service_dhcprelay_notes="DHCP Relay.
|
||||
<p>
|
||||
For more information about DHCP Relay see section 9.1.2 of
|
||||
<a href=\"http://www.ietf.org/rfc/rfc1812.txt?number=1812\">RFC 1812</a>
|
||||
and section 4 of
|
||||
<a href=\"http://www.ietf.org/rfc/rfc1542.txt?number=1542\">RFC 1542</a>
|
||||
"
|
||||
|
||||
|
||||
@ -495,7 +497,7 @@ cat <<"EOF"
|
||||
<tr><td align=center valign=middle>
|
||||
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
|
||||
</td><td align=center valign=middle>
|
||||
<small>$Id: create_services.sh,v 1.22 2003/02/03 23:11:49 ktsaou Exp $</small>
|
||||
<small>$Id: create_services.sh,v 1.23 2003/02/11 22:20:18 ktsaou Exp $</small>
|
||||
<p>
|
||||
<b>FireHOL</b>, a firewall for humans...<br>
|
||||
© Copyright 2002
|
||||
|
34
firehol.sh
34
firehol.sh
@ -10,7 +10,7 @@
|
||||
#
|
||||
# config: /etc/firehol.conf
|
||||
#
|
||||
# $Id: firehol.sh,v 1.89 2003/02/03 23:11:49 ktsaou Exp $
|
||||
# $Id: firehol.sh,v 1.90 2003/02/11 22:20:07 ktsaou Exp $
|
||||
#
|
||||
|
||||
|
||||
@ -63,8 +63,9 @@ UNMATCHED_ROUTER_POLICY="DROP"
|
||||
# Options for iptables LOG action.
|
||||
# These options will be added to all LOG actions FireHOL will generate.
|
||||
# To change them, type such a line in the configuration file.
|
||||
# FIREHOL_LOG_OPTIONS="--log-level warning --log-tcp-sequence --log-tcp-options --log-ip-options"
|
||||
FIREHOL_LOG_OPTIONS="--log-level warning"
|
||||
# FIREHOL_LOG_OPTIONS="--log-tcp-sequence --log-tcp-options --log-ip-options"
|
||||
FIREHOL_LOG_OPTIONS=""
|
||||
FIREHOL_LOG_LEVEL="warning"
|
||||
FIREHOL_LOG_FREQUENCY="1/second"
|
||||
FIREHOL_LOG_BURST="5"
|
||||
|
||||
@ -79,8 +80,8 @@ DEFAULT_CLIENT_PORTS="1000:65535"
|
||||
# Get the default client ports from the kernel configuration.
|
||||
# This is formed to a range of ports to be used for all "default"
|
||||
# client ports when the client specified is the localhost.
|
||||
LOCAL_CLIENT_PORTS_LOW=`sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 1`
|
||||
LOCAL_CLIENT_PORTS_HIGH=`sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 2`
|
||||
LOCAL_CLIENT_PORTS_LOW=`/sbin/sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 1`
|
||||
LOCAL_CLIENT_PORTS_HIGH=`/sbin/sysctl net.ipv4.ip_local_port_range | cut -d '=' -f 2 | cut -f 2`
|
||||
LOCAL_CLIENT_PORTS="${LOCAL_CLIENT_PORTS_LOW}:${LOCAL_CLIENT_PORTS_HIGH}"
|
||||
|
||||
|
||||
@ -1757,6 +1758,7 @@ rule() {
|
||||
|
||||
local log=
|
||||
local logtxt=
|
||||
local loglevel=
|
||||
|
||||
local limit=
|
||||
local burst=
|
||||
@ -2213,6 +2215,13 @@ rule() {
|
||||
logtxt="${2}"
|
||||
fi
|
||||
shift 2
|
||||
if [ "${1}" = "level" ]
|
||||
then
|
||||
loglevel="${2}"
|
||||
shift 2
|
||||
else
|
||||
loglevel="${FIREHOL_LOG_LEVEL}"
|
||||
fi
|
||||
;;
|
||||
|
||||
loglimit|LOGLIMIT)
|
||||
@ -2223,6 +2232,13 @@ rule() {
|
||||
logtxt="${2}"
|
||||
fi
|
||||
shift 2
|
||||
if [ "${1}" = "level" ]
|
||||
then
|
||||
loglevel="${2}"
|
||||
shift 2
|
||||
else
|
||||
loglevel="${FIREHOL_LOG_LEVEL}"
|
||||
fi
|
||||
;;
|
||||
|
||||
limit|LIMIT)
|
||||
@ -2709,11 +2725,11 @@ rule() {
|
||||
;;
|
||||
|
||||
limit)
|
||||
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j LOG ${FIREHOL_LOG_OPTIONS} --log-prefix="${logtxt}:"
|
||||
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j LOG ${FIREHOL_LOG_OPTIONS} --log-level "${loglevel}" --log-prefix="${logtxt}:"
|
||||
;;
|
||||
|
||||
normal)
|
||||
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -j LOG ${FIREHOL_LOG_OPTIONS} --log-prefix="${logtxt}:"
|
||||
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -j LOG ${FIREHOL_LOG_OPTIONS} --log-level "${loglevel}" --log-prefix="${logtxt}:"
|
||||
;;
|
||||
|
||||
*)
|
||||
@ -3165,7 +3181,7 @@ case "${arg}" in
|
||||
else
|
||||
|
||||
cat <<"EOF"
|
||||
$Id: firehol.sh,v 1.89 2003/02/03 23:11:49 ktsaou Exp $
|
||||
$Id: firehol.sh,v 1.90 2003/02/11 22:20:07 ktsaou Exp $
|
||||
(C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
|
||||
FireHOL is distributed under GPL.
|
||||
|
||||
@ -3333,7 +3349,7 @@ then
|
||||
|
||||
cat <<"EOF"
|
||||
|
||||
$Id: firehol.sh,v 1.89 2003/02/03 23:11:49 ktsaou Exp $
|
||||
$Id: firehol.sh,v 1.90 2003/02/11 22:20:07 ktsaou Exp $
|
||||
(C) Copyright 2002, Costa Tsaousis <costa@tsaousis.gr>
|
||||
FireHOL is distributed under GPL.
|
||||
Home Page: http://firehol.sourceforge.net
|
||||
|
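Review bot: The `level` argument parsed after `log` and `loglimit` in rule() is copied into `loglevel` unchecked and later passed as `--log-level "${loglevel}"` on both LOG rules, so a misspelled or missing value (for example `level` as the last word of the rule) surfaces only when iptables rejects the command, and how that failure is handled lies outside the visible hunks. I would validate it where it is parsed, accepting only a number or the level names iptables documents (emerg, alert, crit, error, warning, notice, info, debug) and reporting a configuration error otherwise; the commit message's own example uses `critical`, which is not among those names and should be checked against the iptables in use. The same block is duplicated under `log` and `loglimit`, and it matches only lowercase `level` while the neighbouring keywords accept both cases (`loglimit|LOGLIMIT`), so `level|LEVEL` handled in one shared place would be more consistent. Separately, with `--log-level warning` moved out of the FIREHOL_LOG_OPTIONS default, an existing configuration that still sets it there will presumably end up with two `--log-level` flags on the command line; a comment beside the new variable such as `# Do not put --log-level in FIREHOL_LOG_OPTIONS; set FIREHOL_LOG_LEVEL instead.` would warn users. rule() begins and ends outside the hunks shown.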