How does LOGFORMAT in shorewall.conf control the length of the zone name as discussed in the zones man page? The default max length is 5. What would I specify in LOGFORMAT to allow a 6 character zone name? ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
Robert Moskowitz wrote:> How does LOGFORMAT in shorewall.conf control the length of the zone name > as discussed in the zones man page? > > The default max length is 5.The maximum length of an iptables log prefix is 29 bytes. As explained in the shorewall.conf manpage, the default LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first %s is replaced by the chain name and the second is replaced by the disposition. - The default formatting string has 12 fixed characters ("Shorewall" and three colons). - The longest of the standard dispositions are ACCEPT and REJECT which have 6 characters each. - The canonical name for the chain containing the rules for traffic going from zone 1 to zone 2 is "<zone 1>2<zone 2>". So if M is the maximum zone name length, such chains can have length 2*M + 1. 12 + 6 + 2*M + 1 = 29 which reduces to 2*M = 29 - 12 - 6 = 11 or M = 5> What would I specify in LOGFORMAT to allow > a 6 character zone name?Something with at least two fewer fixed characters than the default. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
Great explaination. Thanks. Tom Eastep wrote:> Robert Moskowitz wrote: > >> How does LOGFORMAT in shorewall.conf control the length of the zone name >> as discussed in the zones man page? >> >> The default max length is 5. >> > > The maximum length of an iptables log prefix is 29 bytes. As explained > in the shorewall.conf manpage, the default LOGPREFIX formatting string > is “Shorewall:%s:%s:” where the first %s is replaced by the chain name > and the second is replaced by the disposition. > > - The default formatting string has 12 fixed characters ("Shorewall" and > three colons). > - The longest of the standard dispositions are ACCEPT and REJECT which > have 6 characters each. > - The canonical name for the chain containing the rules for traffic > going from zone 1 to zone 2 is "<zone 1>2<zone 2>". So if M is the > maximum zone name length, such chains can have length 2*M + 1. > > 12 + 6 + 2*M + 1 = 29 > > which reduces to > > 2*M = 29 - 12 - 6 = 11 > > or > > M = 5 > > >> What would I specify in LOGFORMAT to allow >> a 6 character zone name? >> > > Something with at least two fewer fixed characters than the default. > > -Tom > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are > powering Web 2.0 with engaging, cross-platform capabilities. Quickly and > easily build your RIAs with Flex Builder, the Eclipse(TM)based development > software that enables intelligent coding and step-through debugging. > Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com > ------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users