extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-25 17:13:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make the 'show' command more helpful when there's an error

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6695 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-28 18:21:28 +00:00
parent c41d3fee71
commit 3eda07bab4
6 changed files with 89 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Shorewall-common/lib.cli
View File

@ -382,7 +382,7 @@ show_routing() {
# Show Command Executor # Show Command Executor
# #
show_command() { show_command() {
local finished=0 local table=filter local finished=0 local table=filter table_given=
show_macro() { show_macro() {
foo=`grep 'This macro' $macro | sed 's/This macro //'` foo=`grep 'This macro' $macro | sed 's/This macro //'`
@ -427,6 +427,7 @@ show_command() {
case $2 in case $2 in
mangle|nat|filter|raw) mangle|nat|filter|raw)
table=$2 table=$2
table_given=Yes
;; ;;
*) *)
fatal_error "Invalid table name ($s)" fatal_error "Invalid table name ($s)"
@ -542,6 +543,19 @@ show_command() {
echo "Default CONFIG_PATH is $CONFIG_PATH" echo "Default CONFIG_PATH is $CONFIG_PATH"
echo "LITEDIR is $LITEDIR" echo "LITEDIR is $LITEDIR"
;; ;;
chain)
shift
echo "$PRODUCT $version $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $HOSTNAME - $(date)"
echo
show_reset
if [ $# -gt 0 ]; then
for chain in $*; do
$IPTABLES -t $table -L $chain $IPT_OPTIONS
done
else
$IPTABLES -t $table -L $IPT_OPTIONS
fi
;;
*) *)
if [ "$PRODUCT" = Shorewall ]; then if [ "$PRODUCT" = Shorewall ]; then
case $1 in case $1 in
@ -585,14 +599,24 @@ show_command() {
esac esac
fi fi
echo "$PRODUCT $version $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $HOSTNAME - $(date)"
echo
show_reset
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then
[ -n "$table_given" ] || for chain in $*; do
if ! qt $IPTABLES -t $table -L $chain $IPT_OPTIONS; then
echo "usage $(basename $0) show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones} ] " >&2
exit 1
fi
done
echo "$PRODUCT $version $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $HOSTNAME - $(date)"
echo
show_reset
for chain in $*; do for chain in $*; do
$IPTABLES -t $table -L $chain $IPT_OPTIONS $IPTABLES -t $table -L $chain $IPT_OPTIONS
done done
else else
echo "$PRODUCT $version $table Table at $HOSTNAME - $(date)"
echo
show_reset
$IPTABLES -t $table -L $IPT_OPTIONS $IPTABLES -t $table -L $IPT_OPTIONS
fi fi
;; ;;

2
Shorewall-common/shorewall
View File

@ -1311,7 +1311,7 @@ usage() # $1 = exit status
echo " restart [ -n ] [ -C {shell|perl} ] [ <directory> ]" echo " restart [ -n ] [ -C {shell|perl} ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]" echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones} ]"
echo " start [ -f ] [ -n ] [ -C {shell|perl} ] [ <directory> ]" echo " start [ -f ] [ -n ] [ -C {shell|perl} ] [ <directory> ]"
echo " stop" echo " stop"
echo " status" echo " status"

2
Shorewall-lite/shorewall-lite
View File

@ -368,7 +368,7 @@ usage() # $1 = exit status
echo " restart [ -n ]" echo " restart [ -n ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [ -f ] [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|ip|log|mangle|nat|routing|tc|zones]" echo " show [ -x ] [ -m ] [ -f ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|ip|log|mangle|nat|routing|tc|zones} ]"
echo " start [ -f ] [ -n ]" echo " start [ -f ] [ -n ]"
echo " stop" echo " stop"
echo " status" echo " status"

10
docs/Introduction.xml
View File

@ -33,12 +33,12 @@
</articleinfo> </articleinfo>
<section> <section>
<title>Introduction</title> <title id="Intro">Introduction</title>
<para>The information in this document applies only to 4.x releases of <para>The information in this document applies only to 4.x releases of
Shorewall.</para> Shorewall.</para>
<section> <section id="Glossary">
<title>Glossary</title> <title>Glossary</title>
<itemizedlist> <itemizedlist>
@ -109,7 +109,7 @@
</section> </section>
</section> </section>
<section> <section id="Concepts">
<title>Shorewall Concepts</title> <title>Shorewall Concepts</title>
<para>The configuration files for Shorewall are contained in the directory <para>The configuration files for Shorewall are contained in the directory
@ -306,7 +306,7 @@ ACCEPT net $FW tcp 22</programlisting>
</section> </section>
<section> <section>
<title>Shorewall Packages</title> <title id="Packages">Shorewall Packages</title>
<para>Shorewall 4.0 consists of four packages.</para> <para>Shorewall 4.0 consists of four packages.</para>
@ -347,7 +347,7 @@ ACCEPT net $FW tcp 22</programlisting>
Shorewall-perl</para> Shorewall-perl</para>
</section> </section>
<section> <section id="License">
<title>License</title> <title>License</title>
<para>This program is free software; you can redistribute it and/or modify <para>This program is free software; you can redistribute it and/or modify

50
manpages-lite/shorewall-lite.xml
View File

@ -189,7 +189,8 @@
<arg><option>-t</option> <arg><option>-t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>}</arg> {<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>}</arg>
<arg rep="repeat"><replaceable>chain</replaceable></arg> <arg><arg><option>chain</option></arg><arg choice="plain"
rep="repeat"><replaceable>chain</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -537,28 +538,6 @@
arguments:</para> arguments:</para>
<variablelist> <variablelist>
<varlistentry>
<term>[ <emphasis>chain</emphasis> ] ...</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
displayed ssing the <emphasis role="bold">iptables
-L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <emphasis
role="bold">-x</emphasis> option is passed directly through to
iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are
abbreviated.</para>
<para>The <emphasis role="bold">-t</emphasis> option
designates the Netfilter table to be displayed. Without that
option, the <emphasis role="bold">filter</emphasis> table is
assumed.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">actions</emphasis></term> <term><emphasis role="bold">actions</emphasis></term>
@ -579,6 +558,31 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>
... ]</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
displayed using the <emphasis role="bold">iptables
-L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <emphasis
role="bold">-x</emphasis> option is passed directly through to
iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are abbreviated.
The <emphasis role="bold">-t</emphasis> option specifies the
Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
<para>If the <emphasis role="bold">t</emphasis> option and the
<option>chain</option> keyword both omitted and any of the
listed <replaceable>chain</replaceable>s do not exist, a usage
message will be displayed.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">classifiers</emphasis></term> <term><emphasis role="bold">classifiers</emphasis></term>

47
manpages/shorewall.xml
View File

@ -351,7 +351,8 @@
<arg><option>-t</option> <arg><option>-t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>}</arg> {<option>filter</option>|<option>mangle</option>|<option>nat</option>|<option>raw</option>}</arg>
<arg rep="repeat"><replaceable>chain</replaceable></arg> <arg><arg><option>chain</option></arg><arg choice="plain"
rep="repeat"><replaceable>chain</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -978,25 +979,6 @@
arguments:</para> arguments:</para>
<variablelist> <variablelist>
<varlistentry>
<term>[ <emphasis>chain</emphasis> ] ...</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
displayed ssing the <emphasis role="bold">iptables
-L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <emphasis
role="bold">-x</emphasis> option is passed directly through to
iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are abbreviated.
The <emphasis role="bold">-t</emphasis> option specifies the
Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">actions</emphasis></term> <term><emphasis role="bold">actions</emphasis></term>
@ -1017,6 +999,31 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>[ [ <option>chain</option> ] <emphasis>chain</emphasis>...
]</term>
<listitem>
<para>The rules in each <emphasis>chain</emphasis> are
displayed using the <emphasis role="bold">iptables
-L</emphasis> <emphasis>chain</emphasis> <emphasis
role="bold">-n -v</emphasis> command. If no
<emphasis>chain</emphasis> is given, all of the chains in the
filter table are displayed. The <emphasis
role="bold">-x</emphasis> option is passed directly through to
iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are abbreviated.
The <emphasis role="bold">-t</emphasis> option specifies the
Netfilter table to display. The default is <emphasis
role="bold">filter</emphasis>.</para>
<para>If the <emphasis role="bold">t</emphasis> option and the
<option>chain</option> keyword both omitted and any of the
listed <replaceable>chain</replaceable>s do not exist,
a</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">classifiers</emphasis></term> <term><emphasis role="bold">classifiers</emphasis></term>