Ian! D. Allen
2004-Jul-15 11:48 UTC
[Shorewall-devel] long rule action names with logging cause iptables errors
This rule with a long name and logging:
AllowInternetPrintingProtocol:debug
causes this iptables error:
Processing /etc/shorewall/rules...
Rule "AllowSSH:info net fw" added.
Rule "AllowPing:info net fw" added.
Rule "AllowWeb:debug net fw" added.
iptables v1.2.9: Maximum prefix length 29 for --log-prefix
Try `iptables -h' or 'iptables --help' for more information.
Fixing this means checking the length of the expansion of the LOGFORMAT
variable after printf has had its way. Perhaps change this:
    --log-prefix "$(printf "$LOGFORMAT" $chain $rulenum $disposition)"
to this:
    --log-prefix "$(Logprintf "$LOGFORMAT" $chain $rulenum $disposition)"

    # printf the LOGFORMAT arguments, then clip the result to the
    # 29-character --log-prefix limit, warning if anything was lost.
    Logprintf () {
        fmt="$1"
        shift
        temp=$( printf "$fmt" $* )
        if [ ${#temp} -gt 29 ]; then
            save="$temp"
            # keep only the first 29 characters
            temp=$( expr "$temp" : '\(.............................\)' )
            error_message "WARNING: LOGFORMAT msg '$save' truncated to '$temp'"
        fi
        echo "$temp"
    }
In "firewall" you might change the unhelpful "LOGFORMAT string is too long"
to say "is longer than 29 characters", though you can get rid of it
entirely if you apply the above auto-truncate fix.
--
-IAN! Ian! D. Allen Ottawa, Ontario, Canada
EMail: idallen@idallen.ca WWW: http://www.idallen.com/
College professor via: http://teaching.idallen.com/
Support free and open public digital rights: http://eff.org/
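As an added example (not code from the post above or from Shorewall itself), a small POSIX shell checker that expands a three-argument LOGFORMAT the way the firewall script's printf call does, enforces the 29-character --log-prefix limit, and flags rule specs whose prefix would be truncated. The format string, the use of the action name as the chain, rule number 1 and disposition ACCEPT are constructed assumptions, as is the sample rule list.

```shell
# Constructed assumption: a LOGFORMAT with chain, rule number and disposition,
# matching the three arguments passed by the firewall script's printf call.
LOGFORMAT="${LOGFORMAT:-Shorewall:%s:%d:%s:}"
MAXPREFIX=29   # --log-prefix limit reported by iptables v1.2.9

# Expand LOGFORMAT for one rule and print the prefix, clipped to MAXPREFIX
# characters. Returns 1 when the prefix had to be truncated.
log_prefix() {
    chain=$1; rulenum=$2; disposition=$3
    full=$(printf "$LOGFORMAT" "$chain" "$rulenum" "$disposition")
    if [ "${#full}" -gt "$MAXPREFIX" ]; then
        printf '%s\n' "$full" | cut -c1-"$MAXPREFIX"
        return 1
    fi
    printf '%s\n' "$full"
}

# Read "ACTION:level" specs (one per line, as in the post's rules file) from
# stdin and warn about every logged rule whose prefix would be truncated.
# Unlogged rules (no ":level") never reach iptables --log-prefix and are skipped.
# Assumption: the action name stands in for the chain, rule number 1, ACCEPT.
check_rules() {
    status=0
    while IFS= read -r spec; do
        case $spec in
            *:*) action=${spec%%:*} ;;
            *)   continue ;;
        esac
        if ! pfx=$(log_prefix "$action" 1 ACCEPT); then
            echo "WARNING: $action: log prefix truncated to '$pfx'"
            status=1
        fi
    done
    return $status
}

# Constructed sample rules, including the one that broke in the post.
printf 'AllowSSH:info\nAllowInternetPrintingProtocol:debug\nAllowPing\n' | check_rules
```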
