From 824dc93601e03f14d6acaffe11fb578fe2667394 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 2 Mar 2014 22:50:29 +0100
Subject: [PATCH] firewall: Add a trailing space to all log prefixes for better
 readability.

---
 config/firewall/firewall-policy | 12 ++++++------
 config/firewall/rules.pl        |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index 4aab930f5..b820a7f3e 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -69,13 +69,13 @@ esac
 case "${FWPOLICY2}" in
 	REJECT)
 		if [ "${DROPINPUT}" = "on" ]; then
-			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT"
+			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "REJECT_INPUT "
 		fi
 		iptables -A POLICYIN -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_INPUT"
 		;;
 	*) # DROP
 		if [ "${DROPINPUT}" = "on" ]; then
-			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT"
+			iptables -A POLICYIN -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT "
 		fi
 		iptables -A POLICYIN -j DROP -m comment --comment "DROP_INPUT"
 		;;
@@ -87,13 +87,13 @@ case "${POLICY}" in
 		case "${FWPOLICY}" in
 			REJECT)
 				if [ "${DROPFORWARD}" = "on" ]; then
-					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD"
+					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "REJECT_FORWARD "
 				fi
 				iptables -A POLICYFWD -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_FORWARD"
 				;;
 			*) # DROP
 				if [ "${DROPFORWARD}" = "on" ]; then
-					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD"
+					iptables -A POLICYFWD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD "
 				fi
 				iptables -A POLICYFWD -j DROP -m comment --comment "DROP_FORWARD"
 				;;
@@ -120,13 +120,13 @@ case "${POLICY1}" in
 		case "${FWPOLICY1}" in
 			REJECT)
 				if [ "${DROPOUTGOING}" = "on" ]; then
-					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT"
+					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "REJECT_OUTPUT "
 				fi
 				iptables -A POLICYOUT -j REJECT --reject-with icmp-host-unreachable -m comment --comment "DROP_OUTPUT"
 				;;
 			*) # DROP
 				if [ "${DROPOUTGOING}" == "on" ]; then
-					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT"
+					iptables -A POLICYOUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_OUTPUT "
 				fi
 				iptables -A POLICYOUT -j DROP -m comment --comment "DROP_OUTPUT"
 				;;
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 9b05e6a36..182c9482a 100755
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -305,7 +305,7 @@ sub buildrules {
 							}
 
 							if ($LOG) {
-								run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j LOG --log-prefix 'DNAT'");
+								run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j LOG --log-prefix 'DNAT '");
 							}
 							run("$IPTABLES -t nat -A $CHAIN_NAT_DESTINATION @nat_options -j DNAT --to-destination $dnat_address");
 
@@ -317,7 +317,7 @@ sub buildrules {
 							push(@nat_options, @destination_options);
 
 							if ($LOG) {
-								run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j LOG --log-prefix 'SNAT'");
+								run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j LOG --log-prefix 'SNAT '");
 							}
 							run("$IPTABLES -t nat -A $CHAIN_NAT_SOURCE @nat_options -j SNAT --to-source $nat_address");
 						}
-- 
2.39.2