From 2fa7e119766623021498ea18f74e132d778c1174 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 1 Oct 2010 07:38:14 -0700
Subject: [PATCH] Add 'scfilter' extension script
Signed-off-by: Tom Eastep
---
Shorewall/lib.cli | 22 ++++++++++++++++++++--
Shorewall6/lib.cli | 18 ++++++++++++++++--
2 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli
index b1a6f41ca..f829c3d0c 100644
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@@ -433,6 +433,20 @@ list_zone() {
 done
 }
+#
+# Show Filter
+#
+show_connections_filter() {
+ my filter
+ filter=$(find_file scfilter)
+
+ if [ -x $filter ]; then
+ $filter
+ else
+ cat -
+ fi
+}
+
 #
 # Show Command Executor
 #
@@ -539,9 +553,13 @@ show_command() {
 echo
 if qt mywhich conntrack ; then
- conntrack -f ipv4 -L
+ conntrack -f ipv4 -L | show_connections_filter
 else
- [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
+ if [ -f /proc/net/ip_conntrack ]; then
+ cat /proc/net/ip_conntrack | show_connections_filter
+ else
+ grep -v '^ipv6' /proc/net/nf_conntrack | show_connections_filter
+ fi
 fi
 ;;
 nat)
diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli
index a332fbfe1..a3bc706e3 100644
--- a/Shorewall6/lib.cli
+++ b/Shorewall6/lib.cli
@@ -357,6 +357,20 @@ show_routing() {
 fi
 }
+#
+# Show Connections Filter
+#
+show_connections_filter() {
+ my filter
+ filter=$(find_file scfilter)
+
+ if [ -x $filter ]; then
+ $filter
+ else
+ cat -
+ fi
+}
+
 #
 # Show Command Executor
 #
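Review bot: In `show_connections_filter`, `$filter` is unquoted in both `[ -x $filter ]` and the call `$filter`, so an empty result from `find_file` turns the test into a one-argument `[ -x ]` (always true) and the call into an empty command, and the piped connection listing is silently discarded. A path containing whitespace would be word-split as well. I would write `if [ -n "$filter" ] && [ -f "$filter" ] && [ -x "$filter" ]; then` and invoke `"$filter"`; the `-f` also keeps a directory named scfilter from passing the `-x` test. The same function is added in the Shorewall6/lib.cli hunk and needs the same change. Whether `find_file` can actually return an empty string is not visible here.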
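Review bot: The connection listing in `show_command` is now piped through whatever file `find_file scfilter` resolves, and the only check made before running it is the execute bit; ownership and write permissions of the script are not examined. This command is presumably run as root, so a scfilter that a non-root user can modify, or a writable directory on the search path, would end up executed with root's privileges. I would at least state the requirement in the header comment of `show_connections_filter`, for example `# scfilter runs with the caller's privileges: keep it and every directory find_file searches root-owned and not group/world-writable`. The body of show_command continues outside this hunk.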
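Review bot: `my filter` in the new `show_connections_filter` is not shell; `my` is Perl's declarator, and unless lib.cli defines a `my` function elsewhere (not visible here) the line fails with "command not found" and `filter` is left as a global. `show_command` in this same file declares its locals with `local count=$(...)`, so the line should read `local filter`. The Shorewall/lib.cli hunk that adds the same function carries the same line.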
@@ -451,13 +465,13 @@ show_command() {
 if mywhich conntrack ; then
 echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
 echo
- conntrack -f ipv6 -L
+ conntrack -f ipv6 -L | show_connections_filter
 else
 local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
 local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
 echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
 echo
- grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g'
+ grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
 fi
 ;;
 tos|mangle)
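Review bot: With `conntrack -f ipv6 -L | show_connections_filter` the status of this branch becomes the status of the filter (or of `cat -`), so a failing `conntrack` is no longer visible to whatever checks the result. The `conntrack -f ipv4 -L` pipeline in the Shorewall/lib.cli hunk changes in the same way. If callers rely on that status (not visible here), it should be captured before filtering; otherwise a short comment at the pipeline would record the behaviour, e.g. `# exit status is the filter's, not conntrack's`. show_command's body starts and ends outside this hunk.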