summaryrefslogtreecommitdiff
path: root/lib/Vyatta
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Vyatta')
-rw-r--r--lib/Vyatta/DstNatRule.pm4
-rw-r--r--lib/Vyatta/NatRuleCommon.pm6
-rw-r--r--lib/Vyatta/SrcNatRule.pm5
3 files changed, 11 insertions, 4 deletions
diff --git a/lib/Vyatta/DstNatRule.pm b/lib/Vyatta/DstNatRule.pm
index c0b9b01..764eed5 100644
--- a/lib/Vyatta/DstNatRule.pm
+++ b/lib/Vyatta/DstNatRule.pm
@@ -136,6 +136,7 @@ sub rule_str {
my $can_use_port = 1;
my $jump_target = '';
my $jump_param = '';
+ my $log_modifier = '';
my $use_netmap = 0;
my $tcp_and_udp = 0;
@@ -149,6 +150,7 @@ sub rule_str {
if ($self->{_exclude}) {
$jump_target = 'RETURN';
+ $log_modifier = 'EXCL';
} else {
$jump_target = 'DNAT';
}
@@ -290,7 +292,7 @@ sub rule_str {
$rule_str .= "$src_str $dst_str" . " -m comment --comment " . $comment;
if ("$self->{_log}" eq "enable") {
my $rule_num = $self->{_rule_number};
- my $log_prefix = get_log_prefix($rule_num, $jump_target, $type);
+ my $log_prefix = get_log_prefix($rule_num, $type, $log_modifier);
if ($tcp_and_udp == 1) {
my $tcp_log_rule = $rule_str;
$tcp_log_rule .= " -j LOG --log-prefix \"$log_prefix\" ";
diff --git a/lib/Vyatta/NatRuleCommon.pm b/lib/Vyatta/NatRuleCommon.pm
index a6311d3..afde084 100644
--- a/lib/Vyatta/NatRuleCommon.pm
+++ b/lib/Vyatta/NatRuleCommon.pm
@@ -57,13 +57,15 @@ sub get_num_ipt_rules {
}
sub get_log_prefix {
- my ($rule_num, $jump_target, $type) = @_;
+ my ($rule_num, $type, $modifier) = @_;
# In iptables it allows a 29 character log_prefix, but we ideally
# want to include "[nat-$type-$num-$target] "
# 4 4 4 7 = 19
# so no truncation is needed.
- my $log_prefix = "[NAT-$type-$rule_num-$jump_target] ";
+ my $log_prefix = "[NAT-$type-$rule_num";
+ $log_prefix .= "-$modifier" if $modifier;
+ $log_prefix .= "] ";
return $log_prefix;
}
diff --git a/lib/Vyatta/SrcNatRule.pm b/lib/Vyatta/SrcNatRule.pm
index 8579eba..bdfe199 100644
--- a/lib/Vyatta/SrcNatRule.pm
+++ b/lib/Vyatta/SrcNatRule.pm
@@ -142,6 +142,7 @@ sub rule_str {
my $can_use_port = 1;
my $jump_target = '';
my $jump_param = '';
+ my $log_modifier = '';
my $use_netmap = 0;
my $tcp_and_udp = 0;
@@ -154,8 +155,10 @@ sub rule_str {
if ($self->{_exclude}) {
$jump_target = 'RETURN';
+ $log_modifier = 'EXCL';
} elsif (defined($self->{_is_masq})) {
$jump_target = 'MASQUERADE';
+ $log_modifier = 'MASQ';
} else {
$jump_target = 'SNAT';
}
@@ -324,7 +327,7 @@ sub rule_str {
$rule_str .= " $src_str $dst_str" . " -m comment --comment " . $comment;
if ("$self->{_log}" eq "enable") {
my $rule_num = $self->{_rule_number};
- my $log_prefix = get_log_prefix($rule_num, $jump_target, $type);
+ my $log_prefix = get_log_prefix($rule_num, $type, $log_modifier);
if ($tcp_and_udp == 1) {
my $tcp_log_rule = $rule_str;
$tcp_log_rule .= " -j LOG --log-prefix \"$log_prefix\" ";