mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-23 06:38:53 +01:00
Use 'conntrack' for 'show connections'
parent
611c33e052
commit
0f4d8eb929
@ -2,6 +2,8 @@ Changes in Shorewall 4.4.14
|
|||||||
|
|
||||||
1) Support ipset lists.
|
1) Support ipset lists.
|
||||||
|
|
||||||
|
2) Use conntrack in 'shorewall connections'
|
||||||
|
|
||||||
Changes in Shorewall 4.4.13
|
Changes in Shorewall 4.4.13
|
||||||
|
|
||||||
1) Allow zone lists in rules SOURCE and DEST.
|
1) Allow zone lists in rules SOURCE and DEST.
|
||||||
|
@ -524,11 +524,17 @@ show_command() {
|
|||||||
case "$1" in
|
case "$1" in
|
||||||
connections)
|
connections)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
|
if mywhich conntrack ; then
|
||||||
|
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
|
||||||
|
echo
|
||||||
|
conntrack -f ipv4 -L
|
||||||
|
else
|
||||||
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
|
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
|
||||||
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
|
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
|
||||||
echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"
|
echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"
|
||||||
echo
|
echo
|
||||||
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
|
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
nat)
|
nat)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
|
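Review bot: The new `conntrack` branch of `connections)` prints a header without the `($count out of $max)` figures that the /proc fallback still reports, so on hosts with the utility installed the operator loses the table-occupancy reading that shows a conntrack table nearing exhaustion. Reading `nf_conntrack_count` and `nf_conntrack_max` before the `if` and using the existing header line `echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"` in both branches would keep it. The same applies to the IPv6 `show_command()` hunk at `@ -448,11 +448,17`, which calls `conntrack -f ipv6 -L`. Separately, `mywhich conntrack` only establishes that the binary is present; if `conntrack -f ipv4 -L` itself fails (presumably possible when the netlink conntrack interface is unavailable), nothing falls back to /proc and the exit status is not checked. `show_command()` begins and ends outside this hunk.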
@ -23,6 +23,9 @@ None.
|
|||||||
1) On systems running Upstart, shorewall-init cannot reliably start the
|
1) On systems running Upstart, shorewall-init cannot reliably start the
|
||||||
firewall before interfaces are brought up.
|
firewall before interfaces are brought up.
|
||||||
|
|
||||||
|
2) Shorewall now uses the 'conntrack' utility for 'show connections'
|
||||||
|
if that utility is installed.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
|
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
@ -448,11 +448,17 @@ show_command() {
|
|||||||
case "$1" in
|
case "$1" in
|
||||||
connections)
|
connections)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
|
if mywhich conntrack ; then
|
||||||
|
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
|
||||||
|
echo
|
||||||
|
conntrack -f ipv6 -L
|
||||||
|
else
|
||||||
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
|
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
|
||||||
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
|
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
|
||||||
echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
|
echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
|
||||||
echo
|
echo
|
||||||
grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g'
|
grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g'
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
tos|mangle)
|
tos|mangle)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
|