[COMMIT LOGREPORT] service/firewall/lib IptablesDlfConverter.pm,1.10,1.11

Wytze van der Raay wraay at users.sourceforge.net
Mon Feb 14 12:31:11 CET 2005


Update of /cvsroot/logreport/service/firewall/lib
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26699

Modified Files:
	IptablesDlfConverter.pm
Log Message:
Add support for proper labeling of traffic permitted by the firewall,
by adding a matching regular expression for 'permitted' similar to the
one for 'denied'.
Update the documentation (LIMITATIONS section) accordingly.


Index: IptablesDlfConverter.pm
===================================================================
RCS file: /cvsroot/logreport/service/firewall/lib/IptablesDlfConverter.pm,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- IptablesDlfConverter.pm	13 Oct 2004 10:18:44 -0000	1.10
+++ IptablesDlfConverter.pm	14 Feb 2005 11:07:33 -0000	1.11
@@ -45,6 +45,7 @@
                );

  my $denied_re = qr/deny|denied|drop|reject|unallowed/i;
+my $permit_re = qr/accept|permit/i;

  my %field_re = ();
  foreach my $k ( keys %ipt2dlf ) {
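Review bot: $permit_re on the added line is an unanchored, case-insensitive substring match, so a log prefix such as "unaccepted" or "not-permitted" also matches it and will be labelled as permitted traffic. Consider requiring that the keyword is not preceded by a letter, for example qr/(?<![a-z])(?:accept|permit)/i, which still matches prefixes like "FW_ACCEPT" and "permitted", and add a short comment above both regexes saying that they are applied to the user-chosen log prefix.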
@@ -80,6 +81,7 @@
          # string in the label.
          ($dlf{rule}) = $log->{content} =~ /^(.*?)IN=/;
          $dlf{action} = "denied" if $dlf{rule} =~ /$denied_re/;
+        $dlf{action} = "permitted" if $dlf{rule} =~ /$permit_re/;
          while ( my ( $field, $re ) = each %field_re ) {
              my ( $value ) = $log->{content} =~ /$re/;
              ( $dlf{$ipt2dlf{$field}} ) = $value if defined $value;
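Review bot: the added "permitted" assignment runs unconditionally after the "denied" one, so a prefix that matches both regexes (for example "DROP not permitted") ends up with action "permitted" because the last write wins. For a firewall report, showing a dropped packet as permitted is the more harmful mislabel; make the second test an elsif on the denied match, or swap the order so that "denied" takes precedence. Both tests also read $dlf{rule}, which is left undefined when the content has no "IN=", so a defined check before the two matches would avoid matching against undef.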
@@ -128,9 +130,11 @@

  The netfilter logging modules don't log the status of the packet
  (drop, accept, reject) like the ipchains logging code. You can specify
-a prefix that will be used in the log. This converter will marks the
-packet as 'denied' whenever that prefix match (case insensitive) the
-following regex: 'denied|deny|drop|reject', other packets will have
+a prefix that will be used in the log. This converter will mark the
+packet as 'denied' whenever that prefix matches (case insensitive) the
+following regex: 'denied|deny|drop|reject|unallowed', it will mark the
+packet as 'permitted' whenever that prefix matches (case insensitive)
+the following regex: 'accept|permit', and all other packets will have
  '-' as the value of the 'action' field.

  So in order for this converter to detect 'denied' packets, you should use a
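Review bot: the rewritten LIMITATIONS paragraph does not say which label is used when a prefix matches both regexes, while the code in the previous hunk lets 'permitted' overwrite 'denied' in that case. State the precedence here, and mention that the match is a substring match on the prefix so that users pick unambiguous prefixes. The following context sentence still speaks only of detecting 'denied' packets; it should cover 'permitted' prefixes as well.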
