From 1b571f3d863993f0f20ed9e2da75f9b590d5c4b4 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 11 Sep 2015 14:16:16 -0700 Subject: [PATCH] Correct the reset command - Also allow chain names to be specified a la the refresh command Signed-off-by: Tom Eastep --- Shorewall-core/lib.common | 4 ++-- Shorewall/Perl/prog.footer | 36 ++++++++++++++++++++++++------ Shorewall/manpages/shorewall.xml | 11 ++++++++- Shorewall6/manpages/shorewall6.xml | 11 ++++++++- 4 files changed, 51 insertions(+), 11 deletions(-) diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common index c1454266f..5814189fd 100644 --- a/Shorewall-core/lib.common +++ b/Shorewall-core/lib.common @@ -499,9 +499,9 @@ in_network() # $1 = IP address, $2 = CIDR network # # Query NetFilter about the existence of a filter chain # -chain_exists() # $1 = chain name +chain_exists() # $1 = chain name, $2 = table name (optional) { - qt1 $g_tool -L $1 -n + qt1 $g_tool -t ${2:-filter} -L $1 -n } # diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index 419471927..b8ebcd7e3 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -266,17 +266,39 @@ case "$COMMAND" in else shift status=0 + table=filter for chain in $@; do - if chain_exists $chain; then - if qt $g_tool-Z $chain; then - progress_message3 "Filter $chain Counters Reset" + case $chain in + *:*) + table=${chain%:*} + chain=${chain#*:} + case $table in + raw|nat|mangle|filter) + ;; + *) + error_message "ERROR: Invalid table name ($table)" + status=2 + ;; + esac + ;; + *) + ;; + esac + + if [ $status -eq 0 ]; then + if chain_exists $chain $table; then + if qt $g_tool -t $table -Z $chain; then + progress_message3 "Completed counter reset of $table chain $chain" + else + error_message "ERROR: Reset of $table chain $chain failed" + status=2 + break + fi else - error_message "ERROR: Reset of chain $chain failed" - status=2 - break + error_message "WARNING: $table chain $chain does not exist" fi else - error_message "WARNING: Filter Chain $chain does not exist" + break; fi done fi diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index f1b83a8dd..570c46985 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -497,7 +497,9 @@ -options - + chain + ... @@ -1768,6 +1770,13 @@ chain(s). If no chain is specified, all the packet and byte counters in the firewall are reset. + + Beginning with Shorewall 5.0.0, + chain may be composed of both a table + name and a chain name separated by a colon (e.g., + mangle:PREROUTING). Chain names following that don't include a table + name are assumed to be in that same table. If no table name is given + in the command, the filter table is assumed. diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 20f2380db..16fa452b2 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -451,7 +451,9 @@ -options - + chain + ... @@ -1703,6 +1705,13 @@ chain(s). If no chain is specified, all the packet and byte counters in the firewall are reset. + + Beginning with Shorewall 5.0.0, + chain may be composed of both a table + name and a chain name separated by a colon (e.g., + mangle:PREROUTING). Chain names following that don't include a table + name are assumed to be in that same table. If no table name is given + in the command, the filter table is assumed.