Add 'show capabilities'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2052 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-04-15 14:22:08 +00:00
parent d5752af95d
commit 134019c40e
5 changed files with 50 additions and 8 deletions


@ -15,6 +15,8 @@ Changes in 2.2.4
7) Add support for SAME 7) Add support for SAME
8) Add 'shorewall show capabilities'
Changes in 2.2.3 Changes in 2.2.3
1) Added the 'continue' extension script. 1) Added the 'continue' extension script.


@ -2826,6 +2826,12 @@ check_config() {
[ -n "$PHYSDEV_MATCH" ] || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables" [ -n "$PHYSDEV_MATCH" ] || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables"
fi fi
[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=
if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]; then
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
fi
echo "Determining Zones..." echo "Determining Zones..."
determine_zones determine_zones
@ -5743,6 +5749,11 @@ initialize_netfilter () {
[ -n "$PHYSDEV_MATCH" ] || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables" [ -n "$PHYSDEV_MATCH" ] || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables"
fi fi
[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=
if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]; then
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
fi
[ -n "$RFC1918_STRICT" -a -z "$CONNTRACK_MATCH" ] && \ [ -n "$RFC1918_STRICT" -a -z "$CONNTRACK_MATCH" ] && \
startup_error "RFC1918_STRICT=Yes requires Connection Tracking match" startup_error "RFC1918_STRICT=Yes requires Connection Tracking match"
@ -7562,12 +7573,6 @@ do_initialize() {
LOGTAGONLY=$(added_param_value_no LOGTAGONLY $LOGTAGONLY) LOGTAGONLY=$(added_param_value_no LOGTAGONLY $LOGTAGONLY)
DROPINVALID=$(added_param_value_yes DROPINVALID $DROPINVALID) DROPINVALID=$(added_param_value_yes DROPINVALID $DROPINVALID)
RFC1918_STRICT=$(added_param_value_no RFC1918_STRICT $RFC1918_STRICT) RFC1918_STRICT=$(added_param_value_no RFC1918_STRICT $RFC1918_STRICT)
[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=
if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]; then
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
fi
# #
# Strip the files that we use often # Strip the files that we use often
# #
@ -7752,6 +7757,10 @@ case "$COMMAND" in
EMPTY= EMPTY=
$@ $@
;; ;;
capabilities)
do_initialize
report_capabilities
;;
*) *)
usage usage
;; ;;
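Review bot: The `MACLIST_TTL` zero-normalisation and Recent Match check now exists as two identical copies, in check_config and in initialize_netfilter, and no longer runs in do_initialize. Any command that calls do_initialize but reaches neither of those functions would keep a literal `MACLIST_TTL=0` and skip the `startup_error`; whether such a path exists cannot be seen from these hunks, because all three function bodies continue outside them. Moving the four lines into one small helper function and calling it from both places would keep the copies from drifting apart. Failing that, a comment above each copy such as `# Keep in sync with the MACLIST_TTL check in initialize_netfilter` would at least flag the duplication.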


@ -254,6 +254,8 @@ show)
shorewall show zones - displays the contents of all zones. shorewall show zones - displays the contents of all zones.
shorewall show capabilities - displays your kernel/iptables capabilities
When -x is given, that option is also passed to iptables to display actual packet and byte counts." When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;; ;;


@ -127,6 +127,30 @@ New Features in version 2.2.4
the keyword SAME replacing DNAT. As in the masq file, changing the the keyword SAME replacing DNAT. As in the masq file, changing the
port number is not supported. port number is not supported.
5) A "shorewall show capabilities" command has been added to report the
capabilities of your kernel and iptables.
Example:
gateway:~# shorewall show capabilities
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Not available
Policy Match: Available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
gateway:~#
----------------------------------------------------------------------- -----------------------------------------------------------------------
Problems corrected in version 2.2.3 Problems corrected in version 2.2.3


@ -58,6 +58,7 @@
# shorewall show {mangle|tos} Display the rules in the mangle table # shorewall show {mangle|tos} Display the rules in the mangle table
# shorewall show tc Display traffic control info # shorewall show tc Display traffic control info
# shorewall show classifiers Display classifiers # shorewall show classifiers Display classifiers
# shorewall show capabilities Display iptables/kernel capabilities
# shorewall version Display the installed version id # shorewall version Display the installed version id
# shorewall check Verify the more heavily-used # shorewall check Verify the more heavily-used
# configuration files. # configuration files.
@ -537,7 +538,8 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
host=$(echo $HOSTNAME | sed 's/\..*$//') host=$(echo $HOSTNAME | sed 's/\..*$//')
oldrejects=$($IPTABLES -L -v -n | grep 'LOG') oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
if [ $1 -lt 0 ]; then if [ $1 -lt 0 ]; then> -Tom
timeout=$((- $1)) timeout=$((- $1))
pause="Yes" pause="Yes"
else else
@ -616,7 +618,7 @@ usage() # $1 = exit status
echo " restart [ <directory> ]" echo " restart [ <directory> ]"
echo " restore [ <file name> ]" echo " restore [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos|zones]" echo " show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
echo " start [ <directory> ]" echo " start [ <directory> ]"
echo " stop" echo " stop"
echo " status" echo " status"
@ -938,6 +940,9 @@ case "$1" in
exit 1 exit 1
fi fi
;; ;;
capabilities)
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
;;
*) *)
shift shift