From 3eda07bab42c0a004b30264eee0c6811fa510374 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 28 Jun 2007 18:21:28 +0000 Subject: [PATCH] Make the 'show' command more helpful when there's an error git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6695 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/lib.cli | 32 +++++++++++++++++--- Shorewall-common/shorewall | 2 +- Shorewall-lite/shorewall-lite | 2 +- docs/Introduction.xml | 10 +++---- manpages-lite/shorewall-lite.xml | 50 +++++++++++++++++--------------- manpages/shorewall.xml | 47 +++++++++++++++++------------- 6 files changed, 89 insertions(+), 54 deletions(-) diff --git a/Shorewall-common/lib.cli b/Shorewall-common/lib.cli index f6d2385b3..156b4a68b 100644 --- a/Shorewall-common/lib.cli +++ b/Shorewall-common/lib.cli @@ -382,7 +382,7 @@ show_routing() { # Show Command Executor # show_command() { - local finished=0 local table=filter + local finished=0 local table=filter table_given= show_macro() { foo=`grep 'This macro' $macro | sed 's/This macro //'` @@ -427,6 +427,7 @@ show_command() { case $2 in mangle|nat|filter|raw) table=$2 + table_given=Yes ;; *) fatal_error "Invalid table name ($s)" @@ -542,6 +543,19 @@ show_command() { echo "Default CONFIG_PATH is $CONFIG_PATH" echo "LITEDIR is $LITEDIR" ;; + chain) + shift + echo "$PRODUCT $version $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $HOSTNAME - $(date)" + echo + show_reset + if [ $# -gt 0 ]; then + for chain in $*; do + $IPTABLES -t $table -L $chain $IPT_OPTIONS + done + else + $IPTABLES -t $table -L $IPT_OPTIONS + fi + ;; *) if [ "$PRODUCT" = Shorewall ]; then case $1 in 
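Review bot: In the `-t` handling that now sets `table_given=Yes`, the rejection branch still calls `fatal_error "Invalid table name ($s)"`, and `$s` is not assigned anywhere in the visible lines, so the message probably prints empty parentheses instead of the rejected value. Since this commit is about clearer errors from `show`, that line would read better as `fatal_error "Invalid table name ($2)"`. The accepted list here includes `raw`, while the usage strings this patch updates in `shorewall` and `shorewall-lite` advertise only `-t {filter|mangle|nat}`. The option loop around this `case` starts and ends outside the hunk.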
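Review bot: The banner in the new `chain)` branch evaluates `[ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table` left to right, so with two or more chains both `echo "Chains "` and `echo "Chain "` run and both words land in the header. The -585 hunk of this same patch simplifies its copy of the expression, but this branch keeps the old form; an explicit if/elif/else that sets one label avoids the problem. The loop below it expands `$*` and `$chain` unquoted and nothing visible in the branch rejects a name beginning with `-`, so an argument is subject to word splitting and globbing and can reach `$IPTABLES` as an option instead of a chain name, in a command that is typically run with root privilege. Iterating over `"$@"`, refusing dash-prefixed names and quoting `"$chain"` closes that, and `chain` (plus the label variable) belongs in the function's `local` list; the unquoted loops in the -585 hunk need the same treatment. `show_command` begins and ends outside this hunk.

```shell
chain)
    shift
    # Pick exactly one label; a chained && / || list can print two.
    if [ $# -gt 1 ]; then
        label="Chains "
    elif [ $# -gt 0 ]; then
        label="Chain "
    else
        label="$table Table"
    fi
    echo "$PRODUCT $version $label$* at $HOSTNAME - $(date)"
    # … unchanged: blank echo, show_reset …
    if [ $# -gt 0 ]; then
        for chain in "$@"; do
            # A leading dash would be parsed by iptables as an option.
            case $chain in
                -*) fatal_error "Invalid chain name ($chain)" ;;
            esac
            $IPTABLES -t $table -L "$chain" $IPT_OPTIONS
        done
    # … unchanged: else branch listing the whole table …
```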
@@ -585,14 +599,24 @@ show_command() { esac fi - echo "$PRODUCT $version $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $HOSTNAME - $(date)" - echo - show_reset if [ $# -gt 0 ]; then + [ -n "$table_given" ] || for chain in $*; do + if ! qt $IPTABLES -t $table -L $chain $IPT_OPTIONS; then + echo "usage $(basename $0) show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones} ] " >&2 + exit 1 + fi + done + + echo "$PRODUCT $version $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $HOSTNAME - $(date)" + echo + show_reset for chain in $*; do $IPTABLES -t $table -L $chain $IPT_OPTIONS done else + echo "$PRODUCT $version $table Table at $HOSTNAME - $(date)" + echo + show_reset $IPTABLES -t $table -L $IPT_OPTIONS fi ;; diff --git a/Shorewall-common/shorewall b/Shorewall-common/shorewall index 86debf904..2dab7566c 100755 --- a/Shorewall-common/shorewall +++ b/Shorewall-common/shorewall @@ -1311,7 +1311,7 @@ usage() # $1 = exit status echo " restart [ -n ] [ -C {shell|perl} ] [ ]" echo " restore [ -n ] [ ]" echo " save [ ]" - echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ [ ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]" + echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones} ]" echo " start [ -f ] [ -n ] [ -C {shell|perl} ] [ ]" echo " stop" echo " status" diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index 3ad1577b5..d689a57cf 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite 
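Review bot: The new existence probe turns any non-zero exit from `qt $IPTABLES -t $table -L $chain $IPT_OPTIONS` into the generic usage text, so a failure that has nothing to do with the chain name (insufficient privilege, a table that cannot be loaded) is reported as a syntax error with no cause shown, assuming `qt` discards the command's output. Naming the offending argument before the usage line would make the error actionable, for example `echo "ERROR: '$chain' is not a chain in the $table table" >&2`. The usage string is hard-coded here in the shared `lib.cli` and lists `actions` and `macros`, which the `shorewall-lite` usage updated later in this patch does not offer; calling the product's own `usage 1` would keep the two in step, if that function is reachable from this library. The enclosing `*)` branch starts outside the hunk.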
@@ -368,7 +368,7 @@ usage() # $1 = exit status echo " restart [ -n ]" echo " restore [ -n ] [ ]" echo " save [ ]" - echo " show [ -x ] [ -m ] [ -f ] [ [ ... ]|capabilities|classifiers|config|connections|ip|log|mangle|nat|routing|tc|zones]" + echo " show [ -x ] [ -m ] [ -f ] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]|capabilities|classifiers|config|connections|ip|log|mangle|nat|routing|tc|zones} ]" echo " start [ -f ] [ -n ]" echo " stop" echo " status" diff --git a/docs/Introduction.xml b/docs/Introduction.xml index c8d91fd02..aeeba6339 100644 --- a/docs/Introduction.xml +++ b/docs/Introduction.xml @@ -33,12 +33,12 @@
- Introduction + Introduction The information in this document applies only to 4.x releases of Shorewall. -
+
Glossary @@ -109,7 +109,7 @@
-
+
Shorewall Concepts The configuration files for Shorewall are contained in the directory @@ -306,7 +306,7 @@ ACCEPT net $FW tcp 22
- Shorewall Packages + Shorewall Packages Shorewall 4.0 consists of four packages. @@ -347,7 +347,7 @@ ACCEPT net $FW tcp 22 Shorewall-perl
-
+
License This program is free software; you can redistribute it and/or modify diff --git a/manpages-lite/shorewall-lite.xml b/manpages-lite/shorewall-lite.xml index 5f6ff41a6..a27e6647b 100644 --- a/manpages-lite/shorewall-lite.xml +++ b/manpages-lite/shorewall-lite.xml @@ -189,7 +189,8 @@ {|||} - chain + chain @@ -537,28 +538,6 @@ arguments: - - [ chain ] ... - - - The rules in each chain are - displayed ssing the iptables - -L chain -n -v command. If no - chain is given, all of the chains in the - filter table are displayed. The -x option is passed directly through to - iptables and causes actual packet and byte counts to be - displayed. Without this option, those counts are - abbreviated. - - The -t option - designates the Netfilter table to be displayed. Without that - option, the filter table is - assumed. - - - actions @@ -579,6 +558,31 @@ + + [ [ ] chain + ... ] + + + The rules in each chain are + displayed using the iptables + -L chain -n -v command. If no + chain is given, all of the chains in the + filter table are displayed. The -x option is passed directly through to + iptables and causes actual packet and byte counts to be + displayed. Without this option, those counts are abbreviated. + The -t option specifies the + Netfilter table to display. The default is filter. + + If the t option and the + keyword both omitted and any of the + listed chains do not exist, a usage + message will be displayed. + + + classifiers diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index 13ea85320..ab88382c6 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -351,7 +351,8 @@ {|||} - chain + chain 
@@ -978,25 +979,6 @@ arguments: - - [ chain ] ... - - - The rules in each chain are - displayed ssing the iptables - -L chain -n -v command. If no - chain is given, all of the chains in the - filter table are displayed. The -x option is passed directly through to - iptables and causes actual packet and byte counts to be - displayed. Without this option, those counts are abbreviated. - The -t option specifies the - Netfilter table to display. The default is filter. - - - actions @@ -1017,6 +999,31 @@ + + [ [ ] chain... + ] + + + The rules in each chain are + displayed using the iptables + -L chain -n -v command. If no + chain is given, all of the chains in the + filter table are displayed. The -x option is passed directly through to + iptables and causes actual packet and byte counts to be + displayed. Without this option, those counts are abbreviated. + The -t option specifies the + Netfilter table to display. The default is filter. + + If the t option and the + keyword both omitted and any of the + listed chains do not exist, + a + + + classifiers