firewall: Add a trailing space to all log prefixes for better readability.

diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index 4aab930f59507f360165219ec693c82f62ccbb53..b820a7f3ee9dd9ca7fce76521a1c63b56eb2b804 100755 (executable)
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -69,13 +69,13 @@ esac
 case "${FWPOLICY2}" in
        REJECT)
                if [ "${DROPINPUT}" = "on" ]; then
-                       iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
+                       iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT "
                fi
                iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_INPUT"
                ;;
        *) # DROP
                if [ "${DROPINPUT}" = "on" ]; then
-                       iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
+                       iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
                fi
                iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
                ;;
@@ -87,13 +87,13 @@ case "${POLICY}" in
                case "${FWPOLICY}" in
                        REJECT)
                                if [ "${DROPFORWARD}" = "on" ]; then
-                                       iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+                                       iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD "
                                fi
                                iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
                                ;;
                        *) # DROP
                                if [ "${DROPFORWARD}" = "on" ]; then
-                                       iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+                                       iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
                                fi
                                iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
                                ;;
@@ -120,13 +120,13 @@ case "${POLICY1}" in
                case "${FWPOLICY1}" in
                        REJECT)
                                if [ "${DROPOUTGOING}" = "on" ]; then
-                                       iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
+                                       iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT "
                                fi
                                iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
                                ;;
                        *) # DROP
                                if [ "${DROPOUTGOING}" == "on" ]; then
-                                       iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT"
+                                       iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
                                fi
                                iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
                                ;;

diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9b05e6a360c2b1700f28ecf5b4f3cc985ee018d7..182c9482aa52f0303756d5896f2f126ac7100650 100755 (executable)
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -305,7 +305,7 @@ sub buildrules {
                                                        }
 
                                                        if ($LOG) {
-                                                               run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j LOG --log-prefix 'DNAT'");
+                                                               run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j LOG --log-prefix 'DNAT '");
                                                        }
                                                        run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j DNAT --to-destination $dnat_address");
 
@@ -317,7 +317,7 @@ sub buildrules {
                                                        push(@nat_options, @destination_options);
 
                                                        if ($LOG) {
-                                                               run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j LOG --log-prefix 'SNAT'");
+                                                               run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j LOG --log-prefix 'SNAT '");
                                                        }
                                                        run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j SNAT --to-source $nat_address");
                                                }