Add 'scfilter' extension script

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-10-01 07:38:14 -07:00
parent 3898edfddb
commit 2fa7e11976
2 changed files with 36 additions and 4 deletions

View File

@ -433,6 +433,20 @@ list_zone() {
done done
} }
#
# Show Filter
#
show_connections_filter() {
my filter
filter=$(find_file scfilter)
if [ -x $filter ]; then
$filter
else
cat -
fi
}
# #
# Show Command Executor # Show Command Executor
# #
@ -539,9 +553,13 @@ show_command() {
echo echo
if qt mywhich conntrack ; then if qt mywhich conntrack ; then
conntrack -f ipv4 -L conntrack -f ipv4 -L | show_connections_filter
else else
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack if [ -f /proc/net/ip_conntrack ]; then
cat /proc/net/ip_conntrack | show_connections_filter
else
grep -v '^ipv6' /proc/net/nf_conntrack | show_connections_filter
fi
fi fi
;; ;;
nat) nat)

View File

@ -357,6 +357,20 @@ show_routing() {
fi fi
} }
#
# Show Connections Filter
#
show_connections_filter() {
my filter
filter=$(find_file scfilter)
if [ -x $filter ]; then
$filter
else
cat -
fi
}
# #
# Show Command Executor # Show Command Executor
# #
@ -451,13 +465,13 @@ show_command() {
if mywhich conntrack ; then if mywhich conntrack ; then
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)" echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
echo echo
conntrack -f ipv6 -L conntrack -f ipv6 -L | show_connections_filter
else else
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count) local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max) local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)" echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
echo echo
grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
fi fi
;; ;;
tos|mangle) tos|mangle)