-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index b5a2a9b..0f3cf85 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -376,11 +376,11 @@ sub update_rules {
 exit 1;
 }
 #check for prefix length, iptables permits 29 as --log-prefix
- if (($policy_log) and (length ($name) > 17)) {
+ if (($policy_log) and (length ($name) > 19)) {
 my $action_char = uc(substr($policy, 0, 1));
- my $chain_tr = substr($name, 0, 17);
+ my $chain_tr = substr($name, 0, 19);
 printf STDERR 'Firewall config warning: '
- . "default logging prefix will be truncated to \"[$chain_tr-default-$action_char]\" \n";
+ . "default logging prefix will be truncated to \"[$chain_tr-DEFLT-$action_char]\" \n";
 }
 setup_chain($table, "$name", $iptables_cmd, $policy, $policy_log);
 add_refcnt($fw_tree_file, "$tree $name");
@@ -403,11 +403,14 @@ sub update_rules {
 } elsif ($nodes{$name} eq 'changed') {
 log_msg "$tree $name = changed";
 #check for prefix length, iptables permits 29 as --log-prefix
- if (($policy_log) and (length ($name) > 17)) {
- my $action_char = uc(substr($policy, 0, 1));
- my $chain_tr = substr($name, 0, 17);
- printf STDERR 'Firewall config warning: '
- . "default logging prefix will be truncated to \"[$chain_tr-default-$action_char]\" \n";
+ my $test = $config->exists('enable-default-log');
+ if (!($test)) {
+ if (($policy_log) and (length ($name) > 19)) {
+ my $action_char = uc(substr($policy, 0, 1));
+ my $chain_tr = substr($name, 0, 19);
+ printf STDERR 'Firewall config warning2: '
+ . "default logging prefix will be truncated to \"[$chain_tr-DEFLT-$action_char]\" \n";
+ }
 }
 # handle the rules below.
 }
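Review bot: The warning in the first update_rules hunk interpolates `$chain_tr` into the string that `printf STDERR` uses as its format, so a `%` in a rule-set name would be read as a conversion instead of being printed. Whether names can contain `%` depends on validation that is not visible here; `print STDERR` (or `printf STDERR "%s", ...`) removes the dependency. The same construct is repeated in the `changed` branch of the second hunk. Separately, names of 18 or 19 characters now get the `-DEFLT-` tag from set_default_policy with no warning at all, because this check only fires above 19. update_rules starts and ends outside the hunk.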
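Review bot: In the `changed` branch the truncation warning is now wrapped in `if (!($test))`, where `$test` is `$config->exists('enable-default-log')`, so it fires only when that node is absent. If `$policy_log` is derived from the same node (its assignment is outside this hunk), the inner condition can never be true and the warning is dead code here; if the intent is to warn only when default logging is newly enabled, that should be stated in a comment and checked against the previous configuration. `$test` would read better under a descriptive name such as `$default_log_set`, and the `warning2` label looks like a leftover debugging marker in a user-facing message. The `#check for prefix length` comment now sits above the `exists` lookup, not the length check it describes.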
@@ -769,12 +772,15 @@ sub set_default_policy {
 if ($log) {
 my $action_char = uc(substr($policy, 0, 1));
 my $chain_tr = $chain;
+ my $ltarget;
 if (length ("[$chain-default-$action_char]") > 29 ) {
 # [ -default-a/r/d] 12 chars are always used here; iptables limits log-prefix to 29 chars
 # truncate $chain and form the ltarget with truncated chain
- $chain_tr = substr($chain, 0, 17);
+ $chain_tr = substr($chain, 0, 19);
+ $ltarget = "LOG --log-prefix \"[$chain_tr-DEFLT-$action_char]\" ";
+ } else {
+ $ltarget = "LOG --log-prefix \"[$chain_tr-default-$action_char]\" ";
 }
- my $ltarget = "LOG --log-prefix \"[$chain_tr-default-$action_char]\" ";
 run_cmd("$iptables_cmd -t $table -A $chain $comment -j $ltarget", 1);
 }
 run_cmd("$iptables_cmd -t $table -A $chain $comment -j $target", 1);
|
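Review bot: The default-action log prefix now has two formats selected by chain-name length, and nothing in set_default_policy documents that. Names up to 17 characters keep `-default-`, while anything longer switches to `-DEFLT-`, including 18- and 19-character names that are not truncated at all. Log filters or detection rules that match on `-default-` will silently miss entries from the longer chains, and two chains sharing their first 19 characters still produce identical prefixes. The existing comment `# [ -default-a/r/d] 12 chars are always used here` is stale for the new branch; I would add `# names over 17 chars use the shorter "-DEFLT-" tag (10 fixed chars) and are cut to 19 so the prefix stays within 29`. The function continues outside this hunk.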