Replace 'list' with 'show dynamic' and add support in shorewall-lite

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9614 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 07:33:43 +01:00 · 2009-03-06 20:43:46 +00:00 · 2009-03-06 20:43:46 +00:00 · 2f1f376d50
commit 2f1f376d50
parent d83334a1d1
4 changed files with 88 additions and 46 deletions
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@ -384,8 +384,21 @@ usage() # $1 = exit status
    echo "   restart [ -n ] [ -p ]"
    echo "   restore [ -n ] [ <file name> ]"
    echo "   save [ <file name> ]"
-    echo "   show [ -x ] [ -m ] [ -f ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|filters|ip|log|mangle|nat|routing|tc|vardir|zones} ]"
-    echo "   start [ -f ] [ -n ] [ -p ]"
+    echo "   show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
+    echo "   show [ -f ] capabilities"
+    echo "   show classifiers"
+    echo "   show config"
+    echo "   show connections"
+    echo "   show dynamic <zone>"
+    echo "   show filter"
+    echo "   show ip"
+    echo "   show [ -m ] log"
+    echo "   show [ -x ] mangle|nat|raw"
+    echo "   show routing"
+    echo "   show tc"
+    echo "   show vardir"
+    echo "   show zones"
+    echo "   start [ -n ] [ -p ]"
    echo "   stop"
    echo "   status"
    echo "   version"
@ -689,6 +702,16 @@ case "$COMMAND" in
    allow)
 	allow_command $@
 	;;
+    add)
+	get_config
+	shift
+	add_command $@
+	;;
+    delete)
+	get_config
+	shift
+	add_command $@
+	;;
    save)
 	[ -n "$debugging" ] && set -x

--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@ -375,6 +375,34 @@ show_routing() {
    fi
 }

+#
+# 'list dynamic' command executor
+#
+find_sets() {
+    local junk
+    local setname
+
+    ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
+}
+
+list_zone() {
+
+    local sets
+    local setname
+
+    [ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
+
+    sets=$(find_sets $1)
+
+    for setname in $sets; do
+	echo "${setname#${1}_}:"
+	ipset -L $setname -n | awk 'BEGIN        {prnt=0;}; \
+                                    /^Members:/  {prnt=1; next; }; \
+                                    /^Bindings:/ {prnt=0; }; \
+                                                 { if (prnt == 1) print "   ", $1; };'
+    done
+}
+
 #
 # Show Command Executor
 #
@ -505,6 +533,10 @@ show_command() {
 	    echo
 	    show_classifiers
 	    ;;
+	dynamic)
+	    [ $# -gt 2 ] && usage 1
+	    list_zone $2
+	    ;;
 	zones)
 	    [ $# -gt 1 ] && usage 1
 	    if [ -f ${VARDIR}/zones ]; then
@ -1165,34 +1197,6 @@ delete_command() {
 	
 }

-#
-# 'list' command executor
-#
-find_sets() {
-    local junk
-    local setname
-
-    ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
-}
-
-list_command() {
-
-    local sets
-    local setname
-
-    [ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
-
-    sets=$(find_sets $1)
-
-    for setname in $sets; do
-	echo "${setname#${1}_}:"
-	ipset -L $setname -n | awk 'BEGIN        {prnt=0;}; \
-                                    /^Members:/  {prnt=1; next; }; \
-                                    /^Bindings:/ {prnt=0; }; \
-                                                 { if (prnt == 1) print "   ", $1; };'
-    done
-}
-
 #
 # 'hits' commmand executor
 #
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -86,6 +86,8 @@ None.
    is built on top of ipsets so you must have installed the
    xtable-addons.

+    Dynamic zones are available when Shorewall-lite is used as well.
+
    Note that the dynamic zone support built into Shorewall provides no
    additional functionality over what is provided by simply defining a
    zone in terms of an ipset (see
@ -100,9 +102,10 @@ None.
      entry for the zone in /etc/shorewall/hosts.

    When there are any dynamic zones present in your configuration, 
-    Shorewall will:
+    Shorewall (Shorewall-lite) will:

-    a) Execute the following commands during 'shorewall start'.
+    a) Execute the following commands during 'shorewall start' or
+    'shorewall-lite start'.

           ipset -U :all: :all:
 	   ipset -U :all: :default:
@ -110,8 +113,10 @@ None.
 	   ipset -X   
 	   ipset -R < ${VARDIR}/ipsets.save

-       where $VARDIR normally contains /var/lib/shorewall but may be
-       modified by /etc/shorewall/vardir.
+       where $VARDIR normally contains /var/lib/shorewall
+       (/var/lib/shorewall-lite) but may be modified by
+       /etc/shorewall/vardir (/etc/shorewall-lite/vardir).
+

    b) During 'start', 'restart' and 'restore' processing, Shorewall
       will then attempt to create an ipset named <zone>_<interface>
@ -119,7 +124,8 @@ None.
       dynamic. The type of ipset created is 'iphash' so that only
       individual IPv4 addresses may be added to the set.

-    c) Execute the following commands during 'shorewall stop':
+    c) Execute the following commands during 'shorewall stop' or
+       'shorewall-lite stop':

           if ipset -S > ${VARDIR}/ipsets.tmp; then
              mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
@ -132,10 +138,12 @@ None.

           delete <interface>[:<host-list>] ... <zone>

-    In addition, a list command is supported that lists the dynamic
+    In addition, the 'show dynamic' command is added that lists the dynamic
    content of a zone.

-    	    list <zone>
+    	    show dynamic <zone>
+
+    These commands are supported by shorewall-lite as well.

 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   IN   4 . 3
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -1339,7 +1339,6 @@ usage() # $1 = exit status
    echo "   ipcalc { <address>/<vlsm> | <address> <netmask> }"
    echo "   ipdecimal { <address> | <integer> }"
    echo "   iprange <address>-<address>"
-    echo "   list <zone>"
    echo "   load [ -s ] [ -c ] [ -r <root user> ] [ <directory> ] <system>"
    echo "   logdrop <address> ..."
    echo "   logreject <address> ..."
@ -1351,7 +1350,21 @@ usage() # $1 = exit status
    echo "   restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
    echo "   restore [ -n ] [ <file name> ]"
    echo "   save [ <file name> ]"
-    echo "   show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|raw|routing|tc|vardir|zones} ]"
+    echo "   show [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
+    echo "   show actions"
+    echo "   show [ -f ] capabilities"
+    echo "   show classifiers"
+    echo "   show config"
+    echo "   show connections"
+    echo "   show dynamic <zone>"
+    echo "   show filter"
+    echo "   show ip"
+    echo "   show [ -m ] log"
+    echo "   show macros"
+    echo "   show [ -x ] mangle|nat|raw|routing"
+    echo "   show tc"
+    echo "   show vardir"
+    echo "   show zones"
    echo "   start [ -f ] [ -n ] [ -p ] [ <directory> ]"
    echo "   stop [ -f ]"
    echo "   status"
@ -1635,7 +1648,7 @@ case "$COMMAND" in
 	shift
 	check_command $@
 	;;
-    show)
+    show|list)
 	get_config Yes No Yes
    	shift
    	show_command $@
@ -1752,12 +1765,6 @@ case "$COMMAND" in
 	shift
 	add_command $@
 	;;
-    list)
-	get_config
-	shift;
-	[ $# -eq 1 ] || usage 1
-	list_command $1
-	;;
    save)
 	get_config
 	[ -n "$debugging" ] && set -x