diff options
Diffstat (limited to 'lib/Vyatta')
-rw-r--r-- | lib/Vyatta/DstNatRule.pm | 4 | ||||
-rw-r--r-- | lib/Vyatta/NatRuleCommon.pm | 6 | ||||
-rw-r--r-- | lib/Vyatta/SrcNatRule.pm | 5 |
3 files changed, 11 insertions, 4 deletions
diff --git a/lib/Vyatta/DstNatRule.pm b/lib/Vyatta/DstNatRule.pm index c0b9b01..764eed5 100644 --- a/lib/Vyatta/DstNatRule.pm +++ b/lib/Vyatta/DstNatRule.pm @@ -136,6 +136,7 @@ sub rule_str { my $can_use_port = 1; my $jump_target = ''; my $jump_param = ''; + my $log_modifier = ''; my $use_netmap = 0; my $tcp_and_udp = 0; @@ -149,6 +150,7 @@ sub rule_str { if ($self->{_exclude}) { $jump_target = 'RETURN'; + $log_modifier = 'EXCL'; } else { $jump_target = 'DNAT'; } @@ -290,7 +292,7 @@ sub rule_str { $rule_str .= "$src_str $dst_str" . " -m comment --comment " . $comment; if ("$self->{_log}" eq "enable") { my $rule_num = $self->{_rule_number}; - my $log_prefix = get_log_prefix($rule_num, $jump_target, $type); + my $log_prefix = get_log_prefix($rule_num, $type, $log_modifier); if ($tcp_and_udp == 1) { my $tcp_log_rule = $rule_str; $tcp_log_rule .= " -j LOG --log-prefix \"$log_prefix\" "; diff --git a/lib/Vyatta/NatRuleCommon.pm b/lib/Vyatta/NatRuleCommon.pm index a6311d3..afde084 100644 --- a/lib/Vyatta/NatRuleCommon.pm +++ b/lib/Vyatta/NatRuleCommon.pm @@ -57,13 +57,15 @@ sub get_num_ipt_rules { } sub get_log_prefix { - my ($rule_num, $jump_target, $type) = @_; + my ($rule_num, $type, $modifier) = @_; # In iptables it allows a 29 character log_prefix, but we ideally # want to include "[nat-$type-$num-$target] " # 4 4 4 7 = 19 # so no truncation is needed. - my $log_prefix = "[NAT-$type-$rule_num-$jump_target] "; + my $log_prefix = "[NAT-$type-$rule_num"; + $log_prefix .= "-$modifier" if $modifier; + $log_prefix .= "] "; return $log_prefix; } diff --git a/lib/Vyatta/SrcNatRule.pm b/lib/Vyatta/SrcNatRule.pm index 8579eba..bdfe199 100644 --- a/lib/Vyatta/SrcNatRule.pm +++ b/lib/Vyatta/SrcNatRule.pm @@ -142,6 +142,7 @@ sub rule_str { my $can_use_port = 1; my $jump_target = ''; my $jump_param = ''; + my $log_modifier = ''; my $use_netmap = 0; my $tcp_and_udp = 0; @@ -154,8 +155,10 @@ sub rule_str { if ($self->{_exclude}) { $jump_target = 'RETURN'; + $log_modifier = 'EXCL'; } elsif (defined($self->{_is_masq})) { $jump_target = 'MASQUERADE'; + $log_modifier = 'MASQ'; } else { $jump_target = 'SNAT'; } @@ -324,7 +327,7 @@ sub rule_str { $rule_str .= " $src_str $dst_str" . " -m comment --comment " . $comment; if ("$self->{_log}" eq "enable") { my $rule_num = $self->{_rule_number}; - my $log_prefix = get_log_prefix($rule_num, $jump_target, $type); + my $log_prefix = get_log_prefix($rule_num, $type, $log_modifier); if ($tcp_and_udp == 1) { my $tcp_log_rule = $rule_str; $tcp_log_rule .= " -j LOG --log-prefix \"$log_prefix\" "; |