'show connections' enhancement

- Allow tayloring of the entries displayed by specifying conntrack
  -L options.

Shorewall-core/lib.cli

@@ -1012,8 +1012,7 @@ show_command() {
 
     case "$1" in
 	connections)
-	    [ $# -gt 1 ] && usage 1
-
+	    show_connections
 	    if [ $g_family -eq 4 ]; then
 		if [ -d /proc/sys/net/netfilter/ ]; then
 		    local count
@@ -1028,8 +1027,10 @@ show_command() {
 		echo
 
 		if qt mywhich conntrack ; then
-		    conntrack -f ipv${g_family} -L | show_connections_filter
+		    shift
+		    conntrack -f ipv4 -L $@ | show_connections_filter
 		else
+		    [ $# -gt 1 ] && usage 1
 		    if [ -f /proc/net/ip_conntrack ]; then
 			cat /proc/net/ip_conntrack | show_connections_filter
 		    else
@@ -1037,10 +1038,12 @@ show_command() {
 		    fi
 	        fi
 	    elif qt mywhich conntrack ; then
+		shift
 		echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
 		echo
-		conntrack -f ipv6 -L | show_connections_filter
+		conntrack -f ipv6 -L $@ | show_connections_filter
 	    else
+		[ $# -gt 1 ] && usage 1
 		local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
 		local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
 		echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
@@ -1544,7 +1547,9 @@ do_dump_command() {
 	heading "Conntrack Table"
     fi
 
-    if [ $g_family -eq 4 ]; then
+    if qt mywhich conntrack; then
+	conntrack -f ipv${g_family} -L 2> /dev/null
+    elif [ $g_family -eq 4 ]; then
     	[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
     else
 	grep '^ipv6' /proc/net/nf_conntrack

Shorewall-lite/manpages/shorewall-lite.xml

@@ -1243,11 +1243,19 @@
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">connections</emphasis></term>
+              <term><emphasis role="bold">connections
+              [<replaceable>filter_parameter</replaceable>
+              ...]</emphasis></term>
 
               <listitem>
                 <para>Displays the IP connections currently being tracked by
                 the firewall.</para>
+
+                <para>If the <command>conntrack</command> utility is
+                installed, beginning with Shorewall 4.6.11 the set of
+                connections displayed can be limited by including conntrack
+                filter parameters (-p , -s, --dport, etc). See conntrack(8)
+                for details.</para>
               </listitem>
             </varlistentry>
 

Shorewall/manpages/shorewall.xml

@@ -1931,11 +1931,19 @@
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">connections</emphasis></term>
+              <term><emphasis role="bold">connections
+              [<replaceable>filter_parameter</replaceable>
+              ...]</emphasis></term>
 
               <listitem>
                 <para>Displays the IP connections currently being tracked by
                 the firewall.</para>
+
+                <para>If the <command>conntrack</command> utility is
+                installed, beginning with Shorewall 4.6.11 the set of
+                connections displayed can be limited by including conntrack
+                filter parameters (-p , -s, --dport, etc). See conntrack(8)
+                for details.</para>
               </listitem>
             </varlistentry>
 

Shorewall6-lite/manpages/shorewall6-lite.xml

@@ -1216,11 +1216,19 @@
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">connections</emphasis></term>
+              <term><emphasis role="bold">connections
+              [<replaceable>filter_parameter</replaceable>
+              ...]</emphasis></term>
 
               <listitem>
                 <para>Displays the IP connections currently being tracked by
                 the firewall.</para>
+
+                <para>If the <command>conntrack</command> utility is
+                installed, beginning with Shorewall 4.6.11 the set of
+                connections displayed can be limited by including conntrack
+                filter parameters (-p , -s, --dport, etc). See conntrack(8)
+                for details.</para>
               </listitem>
             </varlistentry>
 

Shorewall6/manpages/shorewall6.xml

@@ -1817,11 +1817,19 @@
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">connections</emphasis></term>
+              <term><emphasis role="bold">connections
+              [<replaceable>filter_parameter</replaceable>
+              ...]</emphasis></term>
 
               <listitem>
                 <para>Displays the IP connections currently being tracked by
                 the firewall.</para>
+
+                <para>If the <command>conntrack</command> utility is
+                installed, beginning with Shorewall 4.6.11 the set of
+                connections displayed can be limited by including conntrack
+                filter parameters (-p , -s, --dport, etc). See conntrack(8)
+                for details.</para>
               </listitem>
             </varlistentry>