From 2ef674dc4020f647df6fdbca368f2b90f8a11e5f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 1 Feb 2011 16:47:20 -0800 Subject: [PATCH] Add 'show iptaccount' command --- Shorewall/changelog.txt | 2 ++ Shorewall/lib.cli | 31 +++++++++++++++++++++++++++ Shorewall/releasenotes.txt | 5 +++++ Shorewall/shorewall | 1 + manpages/shorewall.xml | 44 +++++++++++++++++++++++++++++++------- manpages6/shorewall6.xml | 25 ++++++++++++++++++---- 6 files changed, 96 insertions(+), 12 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index a7b2e5a3f..c0d7010b9 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -6,6 +6,8 @@ Changes in Shorewall 4.4.17 RC 1 3) Tighten up the editing of ACCOUNT(...). +4) Add 'show ipaccount' command. + Changes in Shorewall 4.4.17 Beta 3 1) Allow run-time address variables in the masq file. diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index d77440ceb..3605e11d3 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -713,6 +713,12 @@ show_command() { echo [ -f ${VARDIR}/policies ] && cat ${VARDIR}/policies; ;; + ipaccount) + echo "$g_product $SHOREWALL_VERSION per-IP Accounting at $g_hostname - $(date)" + echo + [ $# -gt 1 ] && usage 1 + perip_accounting + ;; *) if [ "$g_product" = Shorewall ]; then case $1 in @@ -811,6 +817,27 @@ show_command() { esac } +perip_accounting() { + if qt mywhich iptaccount; then + local hnames + local hname + + hnames=$(iptaccount -a | grep '^Found table:' | cut -d ' ' -f 3) + + if [ -n "$hnames" ]; then + for hname in $hnames; do + iptaccount -l $hname | egrep '^IP:|^Show' + echo + done + else + echo " No IP Accounting Tables Defined" + echo + fi + else + echo " iptaccount is not installed" + fi +} + # # Dump Filter - For Shorewall-lite, if there was a dumpfilter file at compile-time, # then the compiler generated another version of this function and @@ -947,6 +974,10 @@ do_dump_command() { brctl show fi + heading "Per-IP Counters" + + perip_accounting + if qt mywhich setkey; then heading "PFKEY SPD" setkey -DP diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 424505b53..9e3b1d7ae 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -79,6 +79,11 @@ Beta 1 I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- +RC 1 + +1) A 'show ipaccount' command has been added to /sbin/shorewall. It + displays each per-IP accounting table. + Beta 3 1) This release adds support for per-IP accounting using the ACCOUNT diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 87c66f3b8..7590882ef 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -1363,6 +1363,7 @@ usage() # $1 = exit status echo " show dynamic " echo " show filters" echo " show ip" + echo " show ipaccount" echo " show [ -m ] log []" echo " show macro " echo " show macros" diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index a5daae081..c073e5a5a 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -487,7 +487,7 @@ + choice="req"> @@ -1266,6 +1266,25 @@ + + ip + + + Displays the system's IPv4 configuration. + + + + + ipaccount + + + Added in Shorewall 4.4.17. Displays the per-IP + accounting counters (shorewall-accounting + (5)). + + + log @@ -1337,6 +1356,14 @@ + + routing + + + Displays the system's IPv4 routing configuration. + + + raw @@ -1480,12 +1507,13 @@ url="http://www.shorewall.net/starting_and_stopping_shorewall.htm">http://www.shorewall.net/starting_and_stopping_shorewall.htm shorewall-accounting(5), shorewall-actions(5), - shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), - shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), - shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), - shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5), - shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), - shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), - shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5) + shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), + shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), + shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), + shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), + shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5), + shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), + shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), + shorewall-tunnels(5), shorewall-zones(5) diff --git a/manpages6/shorewall6.xml b/manpages6/shorewall6.xml index 2d4bf9c35..43833bf67 100644 --- a/manpages6/shorewall6.xml +++ b/manpages6/shorewall6.xml @@ -404,7 +404,7 @@ + choice="req"> @@ -1074,6 +1074,14 @@ + + ip + + + Displays the system's IPv6 configuration. + + + log @@ -1121,6 +1129,14 @@ + + Routing + + + Displays the system's IPv6 routing configuration. + + + tc @@ -1245,8 +1261,9 @@ shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-route_rules(5), - shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), - shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), - shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5) + shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), + shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), + shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), + shorewall6-zones(5)