Replace 'list' with 'show dynamic' and add support in shorewall-lite

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9614 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-lite/shorewall-lite

@@ -384,8 +384,21 @@ usage() # $1 = exit status
     echo "   restart [ -n ] [ -p ]"
     echo "   restore [ -n ] [ <file name> ]"
     echo "   save [ <file name> ]"
-    echo "   show [ -x ] [ -m ] [ -f ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|filters|ip|log|mangle|nat|routing|tc|vardir|zones} ]"
+    echo "   show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
-    echo "   start [ -f ] [ -n ] [ -p ]"
+    echo "   show [ -f ] capabilities"
+    echo "   show classifiers"
+    echo "   show config"
+    echo "   show connections"
+    echo "   show dynamic <zone>"
+    echo "   show filter"
+    echo "   show ip"
+    echo "   show [ -m ] log"
+    echo "   show [ -x ] mangle|nat|raw"
+    echo "   show routing"
+    echo "   show tc"
+    echo "   show vardir"
+    echo "   show zones"
+    echo "   start [ -n ] [ -p ]"
     echo "   stop"
     echo "   status"
     echo "   version"
@@ -689,6 +702,16 @@ case "$COMMAND" in
     allow)
 	allow_command $@
 	;;
+    add)
+	get_config
+	shift
+	add_command $@
+	;;
+    delete)
+	get_config
+	shift
+	add_command $@
+	;;
     save)
 	[ -n "$debugging" ] && set -x
 

Shorewall/lib.cli

@@ -375,6 +375,34 @@ show_routing() {
     fi
 }
 
+#
+# 'list dynamic' command executor
+#
+find_sets() {
+    local junk
+    local setname
+
+    ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
+}
+
+list_zone() {
+
+    local sets
+    local setname
+
+    [ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
+
+    sets=$(find_sets $1)
+
+    for setname in $sets; do
+	echo "${setname#${1}_}:"
+	ipset -L $setname -n | awk 'BEGIN        {prnt=0;}; \
+                                    /^Members:/  {prnt=1; next; }; \
+                                    /^Bindings:/ {prnt=0; }; \
+                                                 { if (prnt == 1) print "   ", $1; };'
+    done
+}
+
 #
 # Show Command Executor
 #
@@ -505,6 +533,10 @@ show_command() {
 	    echo
 	    show_classifiers
 	    ;;
+	dynamic)
+	    [ $# -gt 2 ] && usage 1
+	    list_zone $2
+	    ;;
 	zones)
 	    [ $# -gt 1 ] && usage 1
 	    if [ -f ${VARDIR}/zones ]; then
@@ -1165,34 +1197,6 @@ delete_command() {
 	
 }
 
-#
-# 'list' command executor
-#
-find_sets() {
-    local junk
-    local setname
-
-    ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
-}
-
-list_command() {
-
-    local sets
-    local setname
-
-    [ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
-
-    sets=$(find_sets $1)
-
-    for setname in $sets; do
-	echo "${setname#${1}_}:"
-	ipset -L $setname -n | awk 'BEGIN        {prnt=0;}; \
-                                    /^Members:/  {prnt=1; next; }; \
-                                    /^Bindings:/ {prnt=0; }; \
-                                                 { if (prnt == 1) print "   ", $1; };'
-    done
-}
-
 #
 # 'hits' commmand executor
 #

Shorewall/releasenotes.txt

@@ -86,6 +86,8 @@ None.
     is built on top of ipsets so you must have installed the
     xtable-addons.
 
+    Dynamic zones are available when Shorewall-lite is used as well.
+
     Note that the dynamic zone support built into Shorewall provides no
     additional functionality over what is provided by simply defining a
     zone in terms of an ipset (see
@@ -100,9 +102,10 @@ None.
       entry for the zone in /etc/shorewall/hosts.
 
     When there are any dynamic zones present in your configuration, 
-    Shorewall will:
+    Shorewall (Shorewall-lite) will:
 
-    a) Execute the following commands during 'shorewall start'.
+    a) Execute the following commands during 'shorewall start' or
+    'shorewall-lite start'.
 
            ipset -U :all: :all:
 	   ipset -U :all: :default:
@@ -110,8 +113,10 @@ None.
 	   ipset -X   
 	   ipset -R < ${VARDIR}/ipsets.save
 
-       where $VARDIR normally contains /var/lib/shorewall but may be
+       where $VARDIR normally contains /var/lib/shorewall
-       modified by /etc/shorewall/vardir.
+       (/var/lib/shorewall-lite) but may be modified by
+       /etc/shorewall/vardir (/etc/shorewall-lite/vardir).
+
 
     b) During 'start', 'restart' and 'restore' processing, Shorewall
        will then attempt to create an ipset named <zone>_<interface>
@@ -119,7 +124,8 @@ None.
        dynamic. The type of ipset created is 'iphash' so that only
        individual IPv4 addresses may be added to the set.
 
-    c) Execute the following commands during 'shorewall stop':
+    c) Execute the following commands during 'shorewall stop' or
+       'shorewall-lite stop':
 
            if ipset -S > ${VARDIR}/ipsets.tmp; then
               mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
@@ -132,10 +138,12 @@ None.
 
            delete <interface>[:<host-list>] ... <zone>
 
-    In addition, a list command is supported that lists the dynamic
+    In addition, the 'show dynamic' command is added that lists the dynamic
     content of a zone.
 
-    	    list <zone>
+    	    show dynamic <zone>
+
+    These commands are supported by shorewall-lite as well.
 
 ----------------------------------------------------------------------------
                  N E W   F E A T U R E S   IN   4 . 3

Shorewall/shorewall

@@ -1339,7 +1339,6 @@ usage() # $1 = exit status
     echo "   ipcalc { <address>/<vlsm> | <address> <netmask> }"
     echo "   ipdecimal { <address> | <integer> }"
     echo "   iprange <address>-<address>"
-    echo "   list <zone>"
     echo "   load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
     echo "   logdrop <address> ..."
     echo "   logreject <address> ..."
@@ -1351,7 +1350,21 @@ usage() # $1 = exit status
     echo "   restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
     echo "   restore [ -n ] [ <file name> ]"
     echo "   save [ <file name> ]"
-    echo "   show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]"
+    echo "   show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
+    echo "   show actions"
+    echo "   show [ -f ] capabilities"
+    echo "   show classifiers"
+    echo "   show config"
+    echo "   show connections"
+    echo "   show dynamic <zone>"
+    echo "   show filter"
+    echo "   show ip"
+    echo "   show [ -m ] log"
+    echo "   show macros"
+    echo "   show [ -x ] mangle|nat|raw|routing"
+    echo "   show tc"
+    echo "   show vardir"
+    echo "   show zones"
     echo "   start [ -f ] [ -n ] [ -p ] [ <directory> ]"
     echo "   stop [ -f ]"
     echo "   status"
@@ -1635,7 +1648,7 @@ case "$COMMAND" in
 	shift
 	check_command $@
 	;;
-    show)
+    show|list)
 	get_config Yes No Yes
     	shift
     	show_command $@
@@ -1752,12 +1765,6 @@ case "$COMMAND" in
 	shift
 	add_command $@
 	;;
-    list)
-	get_config
-	shift;
-	[ $# -eq 1 ] || usage 1
-	list_command $1
-	;;
     save)
 	get_config
 	[ -n "$debugging" ] && set -x