Make Shorewall quieter

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-01-23 01:41:24 +00:00
parent 48d828a03c
commit 5eecd59292
7 changed files with 86 additions and 46 deletions


@ -24,3 +24,5 @@ Changes in 3.1.x.
11) Fix 'check' bug in setup_masq 11) Fix 'check' bug in setup_masq
12) Break compiler/firewall into two files 12) Break compiler/firewall into two files
13) Make Shoreall quiet for a change.


@ -956,7 +956,7 @@ determine_hosts() {
eval ${zone}_hosts="\$hosts" eval ${zone}_hosts="\$hosts"
if [ -n "$hosts" ]; then if [ -n "$hosts" ]; then
[ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts [ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts
else else
error_message "WARNING: Zone $zone is empty" error_message "WARNING: Zone $zone is empty"
fi fi
@ -6983,7 +6983,7 @@ initialize_netfilter () {
determine_zones determine_zones
if [ $QUIET -lt 2 ]; then if [ $VERBOSE -ge 1 ]; then
display_list "IPv4 Zones:" $IPV4_ZONES display_list "IPv4 Zones:" $IPV4_ZONES
[ -n "$IPSEC_ZONES" ] && \ [ -n "$IPSEC_ZONES" ] && \
display_list "IPSEC Zones:" $IPSEC_ZONES display_list "IPSEC Zones:" $IPSEC_ZONES
@ -8395,7 +8395,7 @@ __EOF__
# These variables are required by the library functions called in this script # These variables are required by the library functions called in this script
# #
[ -n \${COMMAND:=restart} ] [ -n \${COMMAND:=restart} ]
[ -n \${QUIET:=0} ] [ -n \${VERBOSE:=0} ]
MODULESDIR="$MODULESDIR" MODULESDIR="$MODULESDIR"
MODULE_SUFFIX="$MODULE_SUFFIX" MODULE_SUFFIX="$MODULE_SUFFIX"
LOGLIMIT="$LOGLIMIT" LOGLIMIT="$LOGLIMIT"
@ -8703,7 +8703,7 @@ do_initialize() {
FUNCTIONS=$SHARED_DIR/functions FUNCTIONS=$SHARED_DIR/functions
if [ -f $FUNCTIONS ]; then if [ -f $FUNCTIONS ]; then
[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..." [ $VERBOSE -ge 2 ] && echo "Loading $FUNCTIONS..."
. $FUNCTIONS . $FUNCTIONS
else else
startup_error "$FUNCTIONS does not exist!" startup_error "$FUNCTIONS does not exist!"
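Review bot: do_initialize tests `[ $VERBOSE -ge 2 ]` before the functions file is sourced, and nothing visible in this file gives VERBOSE a default, so a caller that still exports only QUIET (or nothing) would make `[` fail with an operand error. The generated-script preamble in the hunk at -8395 already uses `[ -n \${VERBOSE:=0} ]`; an equivalent `: ${VERBOSE:=0}` ahead of the first test in do_initialize would make this file self-contained. The same applies to the matching determine_hosts, initialize_netfilter and do_initialize hunks in the next file section, where the threshold is also spelled `-gt 1` rather than `-ge 2`. The bodies of these functions extend outside the hunks, so an existing default may simply not be shown.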


@ -1036,7 +1036,7 @@ determine_hosts() {
eval ${zone}_hosts="\$hosts" eval ${zone}_hosts="\$hosts"
if [ -n "$hosts" ]; then if [ -n "$hosts" ]; then
[ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts [ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts
else else
error_message "WARNING: Zone $zone is empty" error_message "WARNING: Zone $zone is empty"
fi fi
@ -7169,7 +7169,7 @@ initialize_netfilter () {
determine_zones determine_zones
if [ $QUIET -lt 2 ]; then if [ $VERBOSE -ge 1 ]; then
display_list "IPv4 Zones:" $IPV4_ZONES display_list "IPv4 Zones:" $IPV4_ZONES
[ -n "$IPSEC_ZONES" ] && \ [ -n "$IPSEC_ZONES" ] && \
display_list "IPSEC Zones:" $IPSEC_ZONES display_list "IPSEC Zones:" $IPSEC_ZONES
@ -8814,7 +8814,7 @@ do_initialize() {
FUNCTIONS=$SHARED_DIR/functions FUNCTIONS=$SHARED_DIR/functions
if [ -f $FUNCTIONS ]; then if [ -f $FUNCTIONS ]; then
[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..." [ $VERBOSE -gt 1 ] && echo "Loading $FUNCTIONS..."
. $FUNCTIONS . $FUNCTIONS
else else
startup_error "$FUNCTIONS does not exist!" startup_error "$FUNCTIONS does not exist!"


@ -67,12 +67,12 @@ list_count() {
# #
progress_message() # $* = Message progress_message() # $* = Message
{ {
[ $QUIET -lt 1 ] && echo "$@" [ $VERBOSE -gt 1 ] && echo "$@"
} }
progress_message2() # $* = Message progress_message2() # $* = Message
{ {
[ $QUIET -lt 2 ] && echo "$@" [ $VERBOSE -gt 0 ] && echo "$@"
} }
# #
@ -1137,7 +1137,7 @@ report_capability() # $1 = Capability Description , $2 Capability Setting (if an
} }
report_capabilities() { report_capabilities() {
if [ $QUIET -lt 2 ]; then if [ $VERBOSE -gt 1 ]; then
echo "Shorewall has detected the following iptables/netfilter capabilities:" echo "Shorewall has detected the following iptables/netfilter capabilities:"
report_capability "NAT" $NAT_ENABLED report_capability "NAT" $NAT_ENABLED
report_capability "Packet Mangling" $MANGLE_ENABLED report_capability "Packet Mangling" $MANGLE_ENABLED
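Review bot: progress_message and progress_message2 carry only the `# $* = Message` comment, so the new meaning of the verbosity levels is not recorded where the thresholds live; a header such as `# VERBOSE: 0 = quiet (default), 1 = progress_message2, 2 = progress_message` would document it. report_capabilities moved from `$QUIET -lt 2` to `$VERBOSE -gt 1`, while the other `-lt 2` tests in this commit became `-gt 0` or `-ge 1`, so the capability report now needs `-vv` rather than `-v`. If that is intended, a one-line comment saying so would help. report_capabilities continues past the end of the hunk.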


@ -22,9 +22,9 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
while [ -n "$option" ]; do while [ -n "$option" ]; do
case $option in case $option in
q*) v*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE + 1 ))
option=${option#q} option=${option#v}
;; ;;
n*) n*)
NOROUTES=Yes NOROUTES=Yes
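Review bot: The `q*)` arm is replaced by `v*)` here rather than kept alongside it, so this option loop no longer recognises `-q`, whereas the other option loops in this commit keep `q*)` as `VERBOSE=$(($VERBOSE - 1 ))` and the release notes say -q is still supported. Keeping both arms, with `q*)` doing `VERBOSE=$(($VERBOSE - 1 ))` and `option=${option#q}` next to the new `v*)`, would match them. The loop's default arm and the place where VERBOSE is initialised are outside the hunk, so what a stray `-q` does now cannot be seen from here.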


@ -31,6 +31,21 @@ Problems Corrected in 3.1.4
1) "shorewall check" generates an error if there are entries in 1) "shorewall check" generates an error if there are entries in
/etc/shorewall/massq. /etc/shorewall/massq.
New Features added in 3.1.4
1) The /etc/shorewall/maclist file has a new column layout. The first column is
now DISPOSITION. This column determines what to do with matching packets and
can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it can also
contain REJECT). This change is upward compatible so your existing maclist
file can still be used.
2) Shorewall has always been very noisy (lots of messages). No more. The default
is now to be very quiet and you get more detail using the -v option (or -vv if
you want the old noisy behavior). The -q option is still supported but only
reverses the effect of -v. So "shorewall start -qqvv" is still completely quiet
while "shorewall start -vv" gives the same amount of output as the old "shorewall
start" did.
Migration Considerations: Migration Considerations:
None. None.


@ -279,7 +279,7 @@ packet_log() # $1 = number of messages
[ -n "$realtail" ] && options="-n$1" [ -n "$realtail" ] && options="-n$1"
if [ -n "$VERBOSE" ]; then if [ $VERBOSE -gt 1 ]; then
grep "${LOGFORMAT}" $LOGFILE | \ grep "${LOGFORMAT}" $LOGFILE | \
sed s/" kernel:"// | \ sed s/" kernel:"// | \
sed s/" $host $LOGFORMAT"/" "/ | \ sed s/" $host $LOGFORMAT"/" "/ | \
@ -507,9 +507,13 @@ start_command() {
option= option=
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE - 1 ))
option=${option#q} option=${option#q}
;; ;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
f*) f*)
FAST=Yes FAST=Yes
option=${option#f} option=${option#f}
@ -612,9 +616,13 @@ compile_command() {
option=${option#e} option=${option#e}
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE - 1 ))
option=${option#q} option=${option#q}
;; ;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
p*) p*)
export PROGRAM=Yes export PROGRAM=Yes
option=${option#p} option=${option#p}
@ -685,9 +693,13 @@ restart_command() {
option= option=
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE - 1 ))
option=${option#q} option=${option#q}
;; ;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
n*) n*)
NOROUTES=Yes NOROUTES=Yes
option=${option#n} option=${option#n}
@ -750,9 +762,13 @@ check_command() {
option= option=
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE - 1 ))
option=${option#q} option=${option#q}
;; ;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
*) *)
usage 1 usage 1
;; ;;
@ -811,9 +827,13 @@ reload_command() {
option= option=
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE - 1 ))
option=${option#q} option=${option#q}
;; ;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
n*) n*)
NOROUTES=Yes NOROUTES=Yes
option=${option#n} option=${option#n}
@ -858,7 +878,7 @@ reload_command() {
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then
$0 nolock $(make_quiet) restore .reload $0 nolock $(make_verbose) restore .reload
fi fi
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
@ -882,8 +902,8 @@ show_command() {
option= option=
;; ;;
v*) v*)
VERBOSE=Yes VERBOSE=$(($VERBOSE + 1 ))
option=${option#v} option=${option#q}
;; ;;
*) *)
usage 1 usage 1
@ -1019,8 +1039,8 @@ dump_command() {
option= option=
;; ;;
v*) v*)
VERBOSE=Yes VERBOSE=$(($VERBOSE + 1 ))
option=${option#v} option=${option#q}
;; ;;
*) *)
usage 1 usage 1
@ -1131,9 +1151,13 @@ restore_command() {
option= option=
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE + 1 ))
option=${option#q} option=${option#q}
;; ;;
v*)
VERBOSE=$(($VERBOSE + 1 ))
option=${option#v}
;;
n*) n*)
NOROUTES=Yes NOROUTES=Yes
option=${option#n} option=${option#n}
@ -1287,15 +1311,15 @@ heading() {
# #
# Create the appropriate -q option to pass oneward # Create the appropriate -q option to pass oneward
# #
make_quiet() { make_verbose() {
local q=$QUIET local v=$VERBOSE
if [ $QUIET -gt 0 ]; then if [ $VERBOSE -gt 0 ]; then
local option=- local option=-
while [ $q -gt 0 ]; do while [ $v -gt 0 ]; do
option="${option}q" option="${option}v"
q=$(($q - 1)) v=$(($v - 1))
done done
echo $option echo $option
@ -1320,10 +1344,9 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
fi fi
SHOREWALL_DIR= SHOREWALL_DIR=
export QUIET=0
IPT_OPTIONS="-nv" IPT_OPTIONS="-nv"
FAST= FAST=
VERBOSE= export VERBOSE=0
NOROUTES= NOROUTES=
EXPORT= EXPORT=
noroutes= noroutes=
@ -1368,7 +1391,7 @@ while [ $finished -eq 0 ]; do
option=${option#x} option=${option#x}
;; ;;
q*) q*)
QUIET=$(($QUIET + 1 )) VERBOSE=$(($VERBOSE - 1 ))
option=${option#q} option=${option#q}
;; ;;
f*) f*)
@ -1376,8 +1399,8 @@ while [ $finished -eq 0 ]; do
option=${option#f} option=${option#f}
;; ;;
v*) v*)
VERBOSE=Yes VERBOSE=$(($VERBOSE + 1 ))
option=${option#v} option=${option#q}
;; ;;
n*) n*)
NOROUTES=Yes NOROUTES=Yes
@ -1612,17 +1635,17 @@ case "$COMMAND" in
try) try)
[ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\"" [ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\""
[ $# -lt 2 -o $# -gt 3 ] && usage 1 [ $# -lt 2 -o $# -gt 3 ] && usage 1
[ -n "$QUIET" ] && QUIET=$(make_quiet) [ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
[ -n "$NOROUTES" ] && NOROUTES=-n [ -n "$NOROUTES" ] && NOROUTES=-n
if ! $0 $debugging $QUIET -c $2 restart; then if ! $0 $debugging $VERBOSE -c $2 restart; then
if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
$0 $QUIET $NOROUTES start $0 $VERBOSE $NOROUTES start
fi fi
elif ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then elif ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
$0 $QUIET $NOROUTES start $0 $VERBOSE $NOROUTES start
elif [ $# -eq 3 ]; then elif [ $# -eq 3 ]; then
sleep $3 sleep $3
$0 $QUIET $NOROUTES restart $0 $VERBOSE $NOROUTES restart
fi fi
;; ;;
logwatch) logwatch)
@ -1642,8 +1665,8 @@ case "$COMMAND" in
while [ -n "$option" ]; do while [ -n "$option" ]; do
case $option in case $option in
v*) v*)
VERBOSE=Yes VERBOSE=$(($VERBOSE + 1 ))
option=${option#e} option=${option#q}
;; ;;
-) -)
finished=1 finished=1
@ -1836,7 +1859,7 @@ case "$COMMAND" in
exit 2 exit 2
fi fi
[ -n "$QUIET" ] && QUIET=$(make_quiet) [ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
mutex_on mutex_on
@ -1850,7 +1873,7 @@ case "$COMMAND" in
if [ "$1" = "safe-start" -a $running -eq 0 ] if [ "$1" = "safe-start" -a $running -eq 0 ]
then then
# the command is safe-start but the firewall is already running # the command is safe-start but the firewall is already running
$0 $debugging nolock $QUIET start $0 $debugging nolock $VERBOSE start
ret=$? ret=$?
mutex_off mutex_off
exit 0 exit 0
@ -1871,7 +1894,7 @@ case "$COMMAND" in
$0 $debugging nolock save "safe-start-restart" $0 $debugging nolock save "safe-start-restart"
fi fi
$0 $debugging nolock $QUIET $command $0 $debugging nolock $VERBOSE $command
echo -n "Do you want to accept the new firewall configuration? [y/n] " echo -n "Do you want to accept the new firewall configuration? [y/n] "
read_yesno_with_timeout read_yesno_with_timeout
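Review bot: In the new `v*)` arms of show_command, dump_command, the top-level option loop (hunk at -1376) and the logwatch loop (hunk at -1642), the option is stripped with `option=${option#q}`, which removes nothing from a string beginning with `v`, so a `while [ -n "$option" ]` loop like the one visible in the logwatch hunk would not terminate once `-v` is given; these should read `option=${option#v}`. restore_command's `q*)` arm now reads `VERBOSE=$(($VERBOSE + 1 ))` where every other command uses `- 1`. In the `try` and safe-start paths, `[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)` leaves the default `0` in place, so re-invocations such as `$0 $debugging $VERBOSE -c $2 restart` appear to pass a literal `0` argument, which may keep the firewall from being (re)started on the default path; assigning `VERBOSE=$(make_verbose)` unconditionally would avoid that if make_verbose prints nothing for 0 (its tail is outside the hunk). make_verbose also handles only positive values, so a net `-q` is not forwarded to the child invocation, and its header comment still says `-q`.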