authorStig Thormodsrud <stig@io.vyatta.com>2009-02-28 11:33:36 -0800
committerStig Thormodsrud <stig@io.vyatta.com>2009-02-28 11:33:36 -0800
commita58874011506c6fcfe60929cc10cdc742fba6056 (patch)
tree76926710f9490fdbe2dc1188e4842647492d1558 /lib/Vyatta/IpTables/Rule.pm
parent2f684d00985f67469db874805caeedf83cf2e1eb (diff)
Fix 3422: fw logging fails if logprefix is too long (> 29 characters)
Diffstat (limited to 'lib/Vyatta/IpTables/Rule.pm')
-rw-r--r--lib/Vyatta/IpTables/Rule.pm16
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index 558d4ae..46925ac 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -275,6 +275,19 @@ sub get_state_str {
}
}
+sub get_log_prefix {
+ my ($chain, $rule_num, $action) = @_;
+
+ # In iptables it allows a 29 character log_prefix, but we ideally
+ # want to include "[$chain-$rule_num-$action] " but that would require
+ # 1 29 1 4 1 1 11 = 39
+ # so truncate the chain name so that it'll all fit.
+ $chain = substr($chain, 0, 19) if length($chain) > 19;
+ my $action_char = uc(substr($action, 0, 1));
+ my $log_prefix = "[$chain-$rule_num-$action_char] ";
+ return $log_prefix;
+}
+
sub get_num_ipt_rules {
my $self = shift;
my $ipt_rules = 1;
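Review bot: get_log_prefix bounds only the chain name, so the 29-character limit holds only while `$rule_num` is at most four characters, and nothing in the function enforces that. Deriving the budget from the actual values would make the guarantee local: `my $max_chain = 29 - length("[-$rule_num-X] "); $chain = substr($chain, 0, $max_chain);`. The arithmetic line in the comment is hard to follow and sums to 39 rather than showing the truncated layout; something like `# "[" + chain(19) + "-" + rule_num(<=4) + "-" + action(1) + "] " = 29` would document the intent. It is also worth noting in the comment that two chains sharing their first 19 characters become indistinguishable in the log, which matters to anyone correlating log lines back to rules.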
@@ -491,7 +504,8 @@ first character capitalized eg. Mon,Thu,Sat For negation, add ! in front eg. !Mo
# set the jump target. Depends on action and log
if ("$self->{_log}" eq "enable") {
$rule2 = $rule;
- $rule2 .= "-j LOG --log-prefix '[$chain $rule_num $self->{_action}] ' ";
+ my $log_prefix = get_log_prefix($chain, $rule_num, $self->{_action});
+ $rule2 .= "-j LOG --log-prefix \"$log_prefix\" ";
}
if ("$self->{_action}" eq "drop") {
$rule .= "-j DROP ";
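Review bot: The new `--log-prefix \"$log_prefix\"` swaps the single quotes of the old line for double quotes, which weakens quoting if this rule string is later handed to a shell (not visible in this hunk). Inside double quotes a shell still expands `$` and backticks, and `$chain` is a configured firewall name whose validation is not shown here. Unless the chain name is already restricted to a safe character set upstream, either keep the single quotes, `$rule2 .= "-j LOG --log-prefix '$log_prefix' ";`, or have get_log_prefix reject anything outside a safe character class such as `[A-Za-z0-9_.-]`. The enclosing function starts and ends outside the hunk, so how `$rule2` is finally executed should be confirmed there.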