-rwxr-xr-xscripts/firewall/vyatta-firewall.pl26
1 files changed, 16 insertions, 10 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index b5a2a9b..0f3cf85 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -376,11 +376,11 @@ sub update_rules {
exit 1;
}
#check for prefix length, iptables permits 29 as --log-prefix
- if (($policy_log) and (length ($name) > 17)) {
+ if (($policy_log) and (length ($name) > 19)) {
my $action_char = uc(substr($policy, 0, 1));
- my $chain_tr = substr($name, 0, 17);
+ my $chain_tr = substr($name, 0, 19);
printf STDERR 'Firewall config warning: '
- . "default logging prefix will be truncated to \"[$chain_tr-default-$action_char]\" \n";
+ . "default logging prefix will be truncated to \"[$chain_tr-DEFLT-$action_char]\" \n";
}
setup_chain($table, "$name", $iptables_cmd, $policy, $policy_log);
add_refcnt($fw_tree_file, "$tree $name");
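Review bot: The warning threshold here is `length ($name) > 19`, but set_default_policy (last hunk) switches to the `-DEFLT-` prefix whenever the full `-default-` prefix exceeds 29 characters, that is, for any name longer than 17. Names of 18 or 19 characters therefore get a different log prefix with no message, which matters to anyone matching firewall logs on `-default-`. I would either warn from 17 with wording that covers the format change, or document the gap with a comment such as `# names > 17 chars log as "[name-DEFLT-A]"; only names > 19 are also truncated`. The same check is repeated in the `changed` branch of the next hunk. update_rules starts and ends outside the hunk.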
@@ -403,11 +403,14 @@ sub update_rules {
} elsif ($nodes{$name} eq 'changed') {
log_msg "$tree $name = changed";
#check for prefix length, iptables permits 29 as --log-prefix
- if (($policy_log) and (length ($name) > 17)) {
- my $action_char = uc(substr($policy, 0, 1));
- my $chain_tr = substr($name, 0, 17);
- printf STDERR 'Firewall config warning: '
- . "default logging prefix will be truncated to \"[$chain_tr-default-$action_char]\" \n";
+ my $test = $config->exists('enable-default-log');
+ if (!($test)) {
+ if (($policy_log) and (length ($name) > 19)) {
+ my $action_char = uc(substr($policy, 0, 1));
+ my $chain_tr = substr($name, 0, 19);
+ printf STDERR 'Firewall config warning2: '
+ . "default logging prefix will be truncated to \"[$chain_tr-DEFLT-$action_char]\" \n";
+ }
}
# handle the rules below.
}
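Review bot: The truncation warning in the `changed` branch is now printed only when `$config->exists('enable-default-log')` is false, while the inner test still requires `$policy_log` to be true. How `$policy_log` is derived is outside this hunk, but if it reflects the same `enable-default-log` node the two conditions cannot both hold and the warning becomes dead code; if the intent is to warn only when logging was newly enabled, testing the original config (`$config->existsOrig('enable-default-log')`) would say that directly. The `warning2` label and the name `$test` also read like debugging leftovers; using `'Firewall config warning: '` as in the `added` branch and a descriptive name such as `$log_already_set` would keep operator-facing output consistent. update_rules starts and ends outside the hunk.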
@@ -769,12 +772,15 @@ sub set_default_policy {
if ($log) {
my $action_char = uc(substr($policy, 0, 1));
my $chain_tr = $chain;
+ my $ltarget;
if (length ("[$chain-default-$action_char]") > 29 ) {
# [ -default-a/r/d] 12 chars are always used here; iptables limits log-prefix to 29 chars
# truncate $chain and form the ltarget with truncated chain
- $chain_tr = substr($chain, 0, 17);
+ $chain_tr = substr($chain, 0, 19);
+ $ltarget = "LOG --log-prefix \"[$chain_tr-DEFLT-$action_char]\" ";
+ } else {
+ $ltarget = "LOG --log-prefix \"[$chain_tr-default-$action_char]\" ";
}
- my $ltarget = "LOG --log-prefix \"[$chain_tr-default-$action_char]\" ";
run_cmd("$iptables_cmd -t $table -A $chain $comment -j $ltarget", 1);
}
run_cmd("$iptables_cmd -t $table -A $chain $comment -j $target", 1);
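Review bot: The comment kept above the new branch still says 12 fixed characters are always used, which now holds only for the `else` path; the `-DEFLT-` form uses 10 (`[`, `-DEFLT-`, the action letter, `]`), which is why a 19-character chain fits the 29-character limit. I would update it to something like `# "[" + "-DEFLT-" + action + "]" = 10 fixed chars, so the chain is cut to 19 to stay within 29`. It is also worth stating there that two rule sets sharing their first 19 characters will log under the same prefix, since that affects log attribution. Separately, `$chain_tr` is placed inside a quoted argument of a single command string passed to `run_cmd`; whether that is safe depends on name validation done outside this hunk, so a one-line comment naming that assumption would help. set_default_policy starts and ends outside the hunk.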