Make Shorewall quieter

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -24,3 +24,5 @@ Changes in 3.1.x.
 11) Fix 'check' bug in setup_masq
 
 12) Break compiler/firewall into two files
+
+13) Make Shoreall quiet for a change.

Shorewall/compiler

@@ -956,7 +956,7 @@ determine_hosts() {
 	eval ${zone}_hosts="\$hosts"
 
 	if [ -n "$hosts" ]; then
-	    [ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts
+	    [ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts
 	else
 	    error_message "WARNING: Zone $zone is empty"
 	fi
@@ -6983,7 +6983,7 @@ initialize_netfilter () {
 
     determine_zones
 
-    if [ $QUIET -lt 2 ]; then
+    if [ $VERBOSE -ge 1 ]; then
 	display_list "IPv4 Zones:" $IPV4_ZONES
 	[ -n "$IPSEC_ZONES" ] && \
 	    display_list "IPSEC Zones:" $IPSEC_ZONES
@@ -8395,7 +8395,7 @@ __EOF__
     # These variables are required by the library functions called in this script
     #
     [ -n \${COMMAND:=restart} ]
-    [ -n \${QUIET:=0} ]
+    [ -n \${VERBOSE:=0} ]
     MODULESDIR="$MODULESDIR"
     MODULE_SUFFIX="$MODULE_SUFFIX"
     LOGLIMIT="$LOGLIMIT"
@@ -8703,7 +8703,7 @@ do_initialize() {
     FUNCTIONS=$SHARED_DIR/functions
 
     if [ -f $FUNCTIONS ]; then
-	[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..."
+	[ $VERBOSE -ge 2 ] && echo "Loading $FUNCTIONS..."
 	. $FUNCTIONS
     else
 	startup_error "$FUNCTIONS does not exist!"

Shorewall/firewall

@@ -1036,7 +1036,7 @@ determine_hosts() {
 	eval ${zone}_hosts="\$hosts"
 
 	if [ -n "$hosts" ]; then
-	    [ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts
+	    [ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts
 	else
 	    error_message "WARNING: Zone $zone is empty"
 	fi
@@ -7169,7 +7169,7 @@ initialize_netfilter () {
 
     determine_zones
 
-    if [ $QUIET -lt 2 ]; then
+    if [ $VERBOSE -ge 1 ]; then
 	display_list "IPv4 Zones:" $IPV4_ZONES
 	[ -n "$IPSEC_ZONES" ] && \
 	    display_list "IPSEC Zones:" $IPSEC_ZONES
@@ -8814,7 +8814,7 @@ do_initialize() {
     FUNCTIONS=$SHARED_DIR/functions
 
     if [ -f $FUNCTIONS ]; then
-	[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..."
+	[ $VERBOSE -gt 1 ] && echo "Loading $FUNCTIONS..."
 	. $FUNCTIONS
     else
 	startup_error "$FUNCTIONS does not exist!"

Shorewall/functions

@@ -67,12 +67,12 @@ list_count() {
 #
 progress_message() # $* = Message
 {
-    [ $QUIET -lt 1 ] && echo "$@"
+    [ $VERBOSE -gt 1 ] && echo "$@"
 }
 
 progress_message2() # $* = Message
 {
-    [ $QUIET -lt 2 ] && echo "$@"
+    [ $VERBOSE -gt 0 ] && echo "$@"
 }
 
 #
@@ -1137,7 +1137,7 @@ report_capability() # $1 = Capability Description , $2 Capability Setting (if an
 }
 
 report_capabilities() {
-    if [ $QUIET -lt 2 ]; then
+    if [ $VERBOSE -gt 1 ]; then
 	echo "Shorewall has detected the following iptables/netfilter capabilities:"
 	report_capability "NAT" $NAT_ENABLED
 	report_capability "Packet Mangling" $MANGLE_ENABLED

Shorewall/prog.footer

@@ -22,9 +22,9 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
 
 	    while [ -n "$option" ]; do
 		case $option in
-		    q*)
-			QUIET=$(($QUIET + 1 ))
-			option=${option#q}
+		    v*)
+			VERBOSE=$(($VERBOSE + 1 ))
+			option=${option#v}
 			;;
 		    n*)
 			NOROUTES=Yes

Shorewall/releasenotes.txt

@@ -31,6 +31,21 @@ Problems Corrected in 3.1.4
 1) "shorewall check" generates an error if there are entries in
    /etc/shorewall/massq.
 
+New Features added in 3.1.4
+
+1) The /etc/shorewall/maclist file has a new column layout. The first column is
+   now DISPOSITION. This column determines what to do with matching packets and
+   can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it can also
+   contain REJECT). This change is upward compatible so your existing maclist
+   file can still be used.
+
+2) Shorewall has always been very noisy (lots of messages). No more. The default
+   is now to be very quiet and you get more detail using the -v option (or -vv if
+   you want the old noisy behavior). The -q option is still supported but only
+   reverses the effect of -v. So "shorewall start -qqvv" is still completely quiet
+   while "shorewall start -vv" gives the same amount of output as the old "shorewall
+   start" did.
+
 Migration Considerations:
 
 None.

Shorewall/shorewall

@@ -279,7 +279,7 @@ packet_log() # $1 = number of messages
 
     [ -n "$realtail" ] && options="-n$1"
 
-    if [ -n "$VERBOSE" ]; then
+    if [ $VERBOSE -gt 1 ]; then
 	grep "${LOGFORMAT}" $LOGFILE | \
 	    sed s/" kernel:"// | \
 	    sed s/" $host $LOGFORMAT"/" "/ | \
@@ -507,9 +507,13 @@ start_command() {
 			    option=
 			    ;;
 			q*)
-			    QUIET=$(($QUIET + 1 ))
+			    VERBOSE=$(($VERBOSE - 1 ))
 			    option=${option#q}
 			    ;;
+			v*)
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#v}
+			    ;;
 			f*)
 			    FAST=Yes
 			    option=${option#f}
@@ -612,9 +616,13 @@ compile_command() {
 			    option=${option#e}
 			    ;;
 			q*)
-			    QUIET=$(($QUIET + 1 ))
+			    VERBOSE=$(($VERBOSE - 1 ))
 			    option=${option#q}
 			    ;;
+			v*)
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#v}
+			    ;;
 			p*)
 			    export PROGRAM=Yes
 			    option=${option#p}
@@ -685,9 +693,13 @@ restart_command() {
 			    option=
 			    ;;
 			q*)
-			    QUIET=$(($QUIET + 1 ))
+			    VERBOSE=$(($VERBOSE - 1 ))
 			    option=${option#q}
 			    ;;
+			v*)
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#v}
+			    ;;
 			n*)
 			    NOROUTES=Yes
 			    option=${option#n}
@@ -750,9 +762,13 @@ check_command() {
 			    option=
 			    ;;
 			q*)
-			    QUIET=$(($QUIET + 1 ))
+			    VERBOSE=$(($VERBOSE - 1 ))
 			    option=${option#q}
 			    ;;
+			v*)
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#v}
+			    ;;
 			*)
 			    usage 1
 			    ;;
@@ -811,9 +827,13 @@ reload_command() {
 			    option=
 			    ;;
 			q*)
-			    QUIET=$(($QUIET + 1 ))
+			    VERBOSE=$(($VERBOSE - 1 ))
 			    option=${option#q}
 			    ;;
+			v*)
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#v}
+			    ;;
 			n*)
 			    NOROUTES=Yes
 			    option=${option#n}
@@ -858,7 +878,7 @@ reload_command() {
     [ -n "$nolock" ] || mutex_on
 
     if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then
-	$0 nolock $(make_quiet) restore .reload
+	$0 nolock $(make_verbose) restore .reload
     fi
 
     [ -n "$nolock" ] || mutex_off
@@ -882,8 +902,8 @@ show_command() {
 			    option=
 			    ;;
 			v*)
-			    VERBOSE=Yes
-			    option=${option#v}
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#q}
 			    ;;
 			*)
 			    usage 1
@@ -1019,8 +1039,8 @@ dump_command() {
 			    option=
 			    ;;
 			v*)
-			    VERBOSE=Yes
-			    option=${option#v}
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#q}
 			    ;;
 			*)
 			    usage 1
@@ -1131,9 +1151,13 @@ restore_command() {
 			    option=
 			    ;;
 			q*)
-			    QUIET=$(($QUIET + 1 ))
+			    VERBOSE=$(($VERBOSE + 1 ))
 			    option=${option#q}
 			    ;;
+			v*)
+			    VERBOSE=$(($VERBOSE + 1 ))
+			    option=${option#v}
+			    ;;
 			n*)
 			    NOROUTES=Yes
 			    option=${option#n}
@@ -1287,15 +1311,15 @@ heading() {
 #
 # Create the appropriate -q option to pass oneward
 #
-make_quiet() {
-    local q=$QUIET
+make_verbose() {
+    local v=$VERBOSE
 
-    if [ $QUIET -gt 0 ]; then
+    if [ $VERBOSE -gt 0 ]; then
 	local option=-
 
-	while [ $q -gt 0 ]; do
-	    option="${option}q"
-	    q=$(($q - 1))
+	while [ $v -gt 0 ]; do
+	    option="${option}v"
+	    v=$(($v - 1))
 	done
 
 	echo $option
@@ -1320,10 +1344,9 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
 fi
 
 SHOREWALL_DIR=
-export QUIET=0
 IPT_OPTIONS="-nv"
 FAST=
-VERBOSE=
+export VERBOSE=0
 NOROUTES=
 EXPORT=
 noroutes=
@@ -1368,7 +1391,7 @@ while [ $finished -eq 0 ]; do
 			option=${option#x}
 			;;
 		    q*)
-			QUIET=$(($QUIET + 1 ))
+			VERBOSE=$(($VERBOSE - 1 ))
 			option=${option#q}
 			;;
 		    f*)
@@ -1376,8 +1399,8 @@ while [ $finished -eq 0 ]; do
 			option=${option#f}
 			;;
 		    v*)
-			VERBOSE=Yes
-			option=${option#v}
+			VERBOSE=$(($VERBOSE + 1 ))
+			option=${option#q}
 			;;
 		    n*)
 			NOROUTES=Yes
@@ -1612,17 +1635,17 @@ case "$COMMAND" in
     try)
 	[ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\""
 	[ $# -lt 2 -o $# -gt 3 ] && usage 1
-	[ -n "$QUIET" ] && QUIET=$(make_quiet)
+	[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
 	[ -n "$NOROUTES" ] && NOROUTES=-n
-	if ! $0 $debugging $QUIET -c $2 restart; then
+	if ! $0 $debugging $VERBOSE -c $2 restart; then
 	    if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
-		$0 $QUIET $NOROUTES start
+		$0 $VERBOSE $NOROUTES start
 	    fi
 	elif ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
-	    $0 $QUIET $NOROUTES start
+	    $0 $VERBOSE $NOROUTES start
 	elif [ $# -eq 3 ]; then
 	    sleep $3
-	    $0 $QUIET $NOROUTES restart
+	    $0 $VERBOSE $NOROUTES restart
 	fi
 	;;
     logwatch)
@@ -1642,8 +1665,8 @@ case "$COMMAND" in
 		    while [ -n "$option" ]; do
 			case $option in
 			    v*)
-				VERBOSE=Yes
-				option=${option#e}
+				VERBOSE=$(($VERBOSE + 1 ))
+				option=${option#q}
 				;;
 			    -)
 				finished=1
@@ -1836,7 +1859,7 @@ case "$COMMAND" in
 	    exit 2
 	fi
 
-	[ -n "$QUIET" ] && QUIET=$(make_quiet)
+	[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
 
 	mutex_on
 
@@ -1850,7 +1873,7 @@ case "$COMMAND" in
 	if [ "$1" = "safe-start" -a  $running -eq 0 ]
 	then
 	    # the command is safe-start but the firewall is already running
-	    $0 $debugging nolock $QUIET start
+	    $0 $debugging nolock $VERBOSE start
 	    ret=$?
 	    mutex_off
 	    exit 0
@@ -1871,7 +1894,7 @@ case "$COMMAND" in
 	    $0 $debugging nolock save "safe-start-restart"
 	fi
 
-	$0 $debugging nolock $QUIET $command
+	$0 $debugging nolock $VERBOSE $command
 
 	echo -n "Do you want to accept the new firewall configuration? [y/n] "
 	read_yesno_with_timeout