extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-03-11 21:08:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add current and limit to conntrack table display

Browse Source
This commit is contained in:
Tom Eastep 2009-12-12 09:10:24 -08:00
parent c56ff69c8f
commit 43c45a064c
4 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/changelog.txt
View File

@ -28,6 +28,8 @@ Changes in Shorewall 4.4.5
14) Remove silly logic in expand_rule(). 14) Remove silly logic in expand_rule().
15) Add current and limit to Conntrack Table Heading.
Changes in Shorewall 4.4.4 Changes in Shorewall 4.4.4
1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf. 1) Change STARTUP_LOG and LOG_VERBOSITY in default shorewall6.conf.

9
Shorewall/lib.cli
View File

@ -453,7 +453,9 @@ show_command() {
case "$1" in case "$1" in
connections) connections)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$PRODUCT $version Connections at $HOSTNAME - $(date)" local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$PRODUCT $version Connections ($count out of $max) at $HOSTNAME - $(date)"
echo echo
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
;; ;;
@ -728,7 +730,10 @@ dump_command() {
heading "Raw Table" heading "Raw Table"
$IPTABLES -t raw -L $IPT_OPTIONS $IPTABLES -t raw -L $IPT_OPTIONS
heading "Conntrack Table" local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
heading "Conntrack Table ($count out of $max)"
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
heading "IP Configuration" heading "IP Configuration"

12
Shorewall/releasenotes.txt
View File

@ -249,6 +249,18 @@ None.
3) Systems that do not log Netfilter messages locally can now set 3) Systems that do not log Netfilter messages locally can now set
LOGFILE=/dev/null in shorewall.conf. LOGFILE=/dev/null in shorewall.conf.
4) The 'shorewall show connections' and 'shorewall dump' commands now
display the current number of connections and the max supported
connections.
Example:
shorewall show connections
Shorewall 4.5.0 Connections (62 out of 65536) at gateway - Sat ...
In that case, there were 62 current connections out of a maximum
number supported of 65536.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 0 N E W F E A T U R E S I N 4 . 4 . 0
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

9
Shorewall6/lib.cli
View File

@ -406,7 +406,9 @@ show_command() {
case "$1" in case "$1" in
connections) connections)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$PRODUCT $version Connections at $HOSTNAME - $(date)" local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$PRODUCT $version Connections ($count of $max) at $HOSTNAME - $(date)"
echo echo
grep '^ipv6' /proc/net/nf_conntrack grep '^ipv6' /proc/net/nf_conntrack
;; ;;
@ -659,7 +661,10 @@ dump_command() {
heading "Raw Table" heading "Raw Table"
$IP6TABLES -t raw -L $IPT_OPTIONS $IP6TABLES -t raw -L $IPT_OPTIONS
heading "Conntrack Table" local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
heading "Conntrack Table ($count out of $max)"
grep '^ipv6' /proc/net/nf_conntrack grep '^ipv6' /proc/net/nf_conntrack
heading "IP Configuration" heading "IP Configuration"