[Shorewall-devel] minor problem with shorewall-1.4.4

Tuomo Soini tis at foobar.fi
Mon May 26 14:14:36 PDT 2003


I found a minor problem in the new logging system.

The new logging system effectively limits zone names to 4 characters. If you 
have a REJECT policy between 2 zones whose names are 5 characters long, for 
example the ipsec zone, iptables will give an error because the log prefix is 
limited to 29 characters.

--log-prefix "Shorewall:ipsec2ipsec:1:REJECT:"

So zone names should be limited to 4 characters or the default logformat 
needs to change. My fix was to change it to:

LOGFORMAT="Shw:%s:%d:%s:"

But there is still a limit on zone name length which needs to be enforced.

-- 
Tuomo Soini <tis at foobar.fi>
Linux and network services
Foobar Oy <http://foobar.fi/>
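
The length check the post asks for, as an added example that is not part of the original message and is not Shorewall's own code. The function names are hypothetical; the 29-character limit and both LOGFORMAT strings come from the post, and the zone2zone chain naming is taken from the quoted --log-prefix.

```shell
#!/bin/sh
# Added example: validate log prefixes against the 29-character limit
# described in the post. Function names are hypothetical.

MAX_PREFIX=29   # limit stated in the post

# log_prefix FORMAT CHAIN RULENUM DISPOSITION
# Expands a LOGFORMAT of the form "...%s:%d:%s:" into the final prefix.
log_prefix() {
    printf "$1" "$2" "$3" "$4"
}

# prefix_fits FORMAT CHAIN RULENUM DISPOSITION
# Exit status 0 if the expanded prefix is within MAX_PREFIX characters.
prefix_fits() {
    p=$(log_prefix "$@")
    [ "${#p}" -le "$MAX_PREFIX" ]
}

# max_zone_len FORMAT RULENUM DISPOSITION
# Longest zone name length n for which an <n>2<n> policy chain still fits.
# The loop is capped at MAX_PREFIX so a format without %s cannot spin forever.
max_zone_len() {
    zone=z
    n=0
    while [ "${#zone}" -le "$MAX_PREFIX" ] &&
          prefix_fits "$1" "${zone}2${zone}" "$2" "$3"; do
        n=${#zone}
        zone="${zone}z"
    done
    echo "$n"
}

# Demo with the two formats from the post (rule number 1, REJECT policy).
for fmt in 'Shorewall:%s:%d:%s:' 'Shw:%s:%d:%s:'; do
    if prefix_fits "$fmt" ipsec2ipsec 1 REJECT; then verdict=ok; else verdict="too long"; fi
    echo "$fmt ipsec2ipsec -> $verdict, max zone length $(max_zone_len "$fmt" 1 REJECT)"
done
```

The computed maximum assumes a single-digit rule number and a six-character disposition; a longer value in either field reduces it.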


