Added FIREHOL_LOG_MODE which can either be LOG or ULOG to select the logging mode for iptables. All FireHOL optional rule parameters use this.

Updated documentation to reflect the change.
ktsaou 2003-12-01 05:03:11 +00:00
parent 0070b5b75f
commit f86ed08adb
2 changed files with 27 additions and 13 deletions

@ -944,9 +944,9 @@ about optional rule parameters that should not be used in certain commands.
<H4>Description</H4>
<b>log</b> will log the matching packets to syslog. Note that this is not an action (in iptables it is).
FireHOL will actually produce multiple iptables commands to accomplish both the action for the rule and the logging.
You can control how logging works, by altering the variables <a href="#FIREHOL_LOG_OPTIONS">FIREHOL_LOG_OPTIONS</a> and
You can control how logging works, by altering the variables <a href="#FIREHOL_LOG_MODE">FIREHOL_LOG_MODE</a>, <a href="#FIREHOL_LOG_OPTIONS">FIREHOL_LOG_OPTIONS</a> and
<a href="#FIREHOL_LOG_LEVEL">FIREHOL_LOG_LEVEL</a>. You can also change the level of just one rule by using the
<b>level</b> argument of the <b>log</b> parameter.
<b>level</b> argument of the <b>log</b> parameter (only when FIREHOL_LOG_MODE=LOG).
<p>
FireHOL logs traffic, exactly the same way iptables does. Many users have complained about packet logs appearing at
their console. To avoid this you will have to:
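Review bot: the qualifier added to the <b>level</b> sentence, "(only when FIREHOL_LOG_MODE=LOG)", says when the per-rule level applies but not what happens otherwise; state explicitly that a <b>level</b> argument is ignored in ULOG mode, so readers do not assume their per-rule level is being honoured when it is not. Putting the condition first also reads more naturally: "When FIREHOL_LOG_MODE=LOG, you can also change the level of just one rule by using the <b>level</b> argument of the <b>log</b> parameter."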
@ -1189,22 +1189,27 @@ about optional rule parameters that should not be used in certain commands.
<hr noshade size=1 width="100%">
<a name="FIREHOL_LOG_MODE"><h3><b>FIREHOL_LOG_MODE</b></h3></a>
<a name="FIREHOL_LOG_LEVEL"><h3><b>FIREHOL_LOG_LEVEL</b></h3></a>
<a name="FIREHOL_LOG_OPTIONS"><h3><b>FIREHOL_LOG_OPTIONS</b></h3></a>
<a name="FIREHOL_LOG_FREQUENCY"><h3><b>FIREHOL_LOG_FREQUENCY</b></h3></a>
<a name="FIREHOL_LOG_BURST"><h3><b>FIREHOL_LOG_BURST</b></h3></a>
<H4>Description</H4>
FIREHOL_LOG_MODE controls the method of logging used by FireHOL. Currently,
two modes are supported: <b>LOG</b> and <b>ULOG</b>.
FIREHOL_LOG_LEVEL controls the level at which iptables will log things to the syslog.
For a description of the possible values supported and for per-rule control of log level,
see the <a href="#log">log</a> optional rule parameter.
see the <a href="#log">log</a> optional rule parameter. FIREHOL_LOG_LEVEL is ignored when FIREHOL_LOG_MODE=ULOG.
<p>
FIREHOL_LOG_OPTIONS controls the way iptables will log things to the syslog.
The value of this variable is passed as is to iptables, so use exact iptables parameters.
This variable can have special arguments for the LOG or ULOG actions of iptables.
<p>
FIREHOL_LOG_FREQUENCY and FIREHOL_LOG_BURST (added in v1.39 of FireHOL) control the frequency at each each logging
rule will write packets to the syslog. FIREHOL_LOG_FREQUENCY is set to the maximum average
frequency and FIREHOL_LOG_BURST specifies the maximum initial number of packets to match.
<p>
Default: <b>FIREHOL_LOG_MODE="LOG"</b><br>
Default: <b>FIREHOL_LOG_OPTIONS="--log-level warning"</b><br>
Default: <b>FIREHOL_LOG_FREQUENCY="1/second"</b><br>
Default: <b>FIREHOL_LOG_BURST="5"</b><br>
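Review bot: the unchanged Default line for FIREHOL_LOG_OPTIONS still reads "--log-level warning", which contradicts firehol.sh in this same commit (FIREHOL_LOG_OPTIONS="" with the level carried in FIREHOL_LOG_LEVEL) and is a LOG-only option: a user who copies that documented default and then sets FIREHOL_LOG_MODE=ULOG gets an iptables error on every logging rule, because ULOG does not accept --log-level. Change the default to "" and add one sentence to the FIREHOL_LOG_OPTIONS paragraph saying the options must match the selected mode (--log-* arguments for LOG, --ulog-* arguments for ULOG). While this block is being edited, "at each each logging rule" in the context has a doubled word.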
@ -1213,7 +1218,7 @@ about optional rule parameters that should not be used in certain commands.
Example: <b>FIREHOL_LOG_FREQUENCY="30/minute"</b><br>
Example: <b>FIREHOL_LOG_BURST="2"</b><br>
<br>
To see the available iptables log options, run <b>/sbin/iptables -j LOG --help</b><br>
To see the available iptables log options, run <b>/sbin/iptables -j LOG --help</b> or <b>/sbin/iptables -j ULOG --help</b> (depending on FIREHOL_LOG_MODE)<br>
To see what iptables accepts as frequencies and bursts run, <b>/sbin/iptables -m limit --help</b></br>
You can also check <b>man iptables</b>.
<p>
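Review bot: the context line ending `-m limit --help</b></br>` uses `</br>`, which is not a valid tag; since the adjacent line is being rewritten anyway, change it to `<br>` to match the rest of the block. The same line also has a misplaced comma ("frequencies and bursts run, <b>...</b>") that should sit before "run".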
@ -1317,7 +1322,7 @@ about optional rule parameters that should not be used in certain commands.
<tr><td align=center valign=middle>
<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&amp;type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
</td><td align=center valign=middle>
<small>$Id: commands.html,v 1.42 2003/11/23 13:43:19 ktsaou Exp $</small>
<small>$Id: commands.html,v 1.43 2003/12/01 05:03:12 ktsaou Exp $</small>
<p>
<b>FireHOL</b>, a firewall for humans...<br>
&copy; Copyright 2003

@ -10,7 +10,7 @@
#
# config: /etc/firehol/firehol.conf
#
# $Id: firehol.sh,v 1.171 2003/11/23 19:27:58 ktsaou Exp $
# $Id: firehol.sh,v 1.172 2003/12/01 05:03:11 ktsaou Exp $
#
# Remember who you are.
@ -129,6 +129,7 @@ UNMATCHED_ROUTER_POLICY="DROP"
# FIREHOL_LOG_OPTIONS="--log-tcp-sequence --log-tcp-options --log-ip-options"
FIREHOL_LOG_OPTIONS=""
FIREHOL_LOG_LEVEL="warning"
FIREHOL_LOG_MODE="LOG"
FIREHOL_LOG_FREQUENCY="1/second"
FIREHOL_LOG_BURST="5"
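Review bot: FIREHOL_LOG_MODE="LOG" is introduced without validation, and the value is later spliced straight into `-j ${FIREHOL_LOG_MODE}` in rule(), so a mistyped value only surfaces as an iptables failure for every logging rule at activation time. Check it once at startup (accept exactly LOG or ULOG, otherwise call error with the offending value) so a bad config fails fast with a clear message. The commented example directly above, `FIREHOL_LOG_OPTIONS="--log-tcp-sequence --log-tcp-options --log-ip-options"`, is LOG-only; add a comment that in ULOG mode the options must be ULOG ones.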
@ -3423,23 +3424,31 @@ rule() {
declare -a basecmd=("${inf_arg[@]}" "${outf_arg[@]}" "${physdev_arg[@]}" "${inph_arg[@]}" "${outph_arg[@]}" "${limit_arg[@]}" "${iplimit_arg[@]}" "${proto_arg[@]}" "${s_arg[@]}" "${sp_arg[@]}" "${d_arg[@]}" "${dp_arg[@]}" "${owner_arg[@]}" "${uid_arg[@]}" "${gid_arg[@]}" "${pid_arg[@]}" "${sid_arg[@]}" "${cmd_arg[@]}" "${state_arg[@]}" "${mc_arg[@]}")
unset logopts_arg
if [ "${FIREHOL_LOG_MODE}" = "ULOG" ]
then
local -a logopts_arg=("--ulog-prefix='${logtxt}:'")
else
local -a logopts_arg=("--log-level" "${loglevel}" "--log-prefix='${logtxt}:'")
fi
case "${log}" in
'')
;;
limit)
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j LOG ${FIREHOL_LOG_OPTIONS} --log-level "${loglevel}" --log-prefix="${logtxt}:"
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -m limit --limit "${FIREHOL_LOG_FREQUENCY}" --limit-burst "${FIREHOL_LOG_BURST}" -j ${FIREHOL_LOG_MODE} ${FIREHOL_LOG_OPTIONS} "${logopts_arg[@]}"
;;
normal)
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -j LOG ${FIREHOL_LOG_OPTIONS} --log-level "${loglevel}" --log-prefix="${logtxt}:"
iptables ${table} -A "${chain}" "${basecmd[@]}" ${custom} -j ${FIREHOL_LOG_MODE} ${FIREHOL_LOG_OPTIONS} "${logopts_arg[@]}"
;;
*)
error "Unknown log value '${log}'."
;;
esac
rule_action_param "${action}" "${pr}" "${action_param[@]}" -- ${table} -A "${chain}" "${basecmd[@]}" ${custom}
done # dst
done # src
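Review bot: the prefix quoting in the new logopts_arg arrays is wrong. Inside a double-quoted bash array element, the single quotes in "--ulog-prefix='${logtxt}:'" and "--log-prefix='${logtxt}:'" are literal characters rather than shell quoting, so iptables receives the prefix with the apostrophes embedded, whereas the replaced lines passed --log-prefix="${logtxt}:" and produced a plain prefix. Write them as separate elements, "--ulog-prefix" "${logtxt}:" and "--log-prefix" "${logtxt}:", exactly as "--log-level" "${loglevel}" is already done. Two smaller points: in the ULOG branch ${loglevel}, and with it any per-rule level argument, is dropped silently, so emitting a warning when level is given with FIREHOL_LOG_MODE=ULOG would match what the documentation now states; and the block mixes `unset logopts_arg` with `local -a` inside the if branches while the surrounding code uses `declare -a`, so pick one style.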
@ -3954,7 +3963,7 @@ case "${arg}" in
else
${CAT_CMD} <<EOF
$Id: firehol.sh,v 1.171 2003/11/23 19:27:58 ktsaou Exp $
$Id: firehol.sh,v 1.172 2003/12/01 05:03:11 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
@ -4140,7 +4149,7 @@ then
${CAT_CMD} <<EOF
$Id: firehol.sh,v 1.171 2003/11/23 19:27:58 ktsaou Exp $
$Id: firehol.sh,v 1.172 2003/12/01 05:03:11 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net
@ -4435,7 +4444,7 @@ then
${CAT_CMD} >&2 <<EOF
$Id: firehol.sh,v 1.171 2003/11/23 19:27:58 ktsaou Exp $
$Id: firehol.sh,v 1.172 2003/12/01 05:03:11 ktsaou Exp $
(C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under GPL.
Home Page: http://firehol.sourceforge.net
@ -4518,7 +4527,7 @@ EOF
echo "# "
${CAT_CMD} <<EOF
# $Id: firehol.sh,v 1.171 2003/11/23 19:27:58 ktsaou Exp $
# $Id: firehol.sh,v 1.172 2003/12/01 05:03:11 ktsaou Exp $
# (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
# FireHOL is distributed under GPL.
# Home Page: http://firehol.sourceforge.net