Add -x option to /sbin/shorewall

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1214 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2004-03-20 15:10:17 +00:00 · 2004-03-20 15:10:17 +00:00 · 5f554b61dd
commit 5f554b61dd
parent a3d8eb9d5b
4 changed files with 50 additions and 18 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -11,3 +11,5 @@ Changes since 2.0.0
 5) Add 'netmap'

 6) Fix another <zone>_frwd problem.
+
+7) Add -x option to /sbin/shorewall.
--- a/Shorewall2/help
+++ b/Shorewall2/help
@ -147,8 +147,13 @@ logwatch)

 monitor)
 	echo "monitor: monitor [<refresh_interval>]
+
+    shorewall [-x] monitor [<refresh_interval>]
+
    Continuously display the firewall status, last 20 log entries and nat.
-    When the log entry display changes, an audible alarm is sounded."
+    When the log entry display changes, an audible alarm is sounded.
+
+    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;

 refresh)
@ -185,14 +190,15 @@ save)
 	;;

 show)
-	echo "show: show [<chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
-    shorewall show <chain> [ <chain> ... ]  - produce a verbose report about the IPtable chain(s).
+	echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
+
+    shorewall [-x] show <chain> [ <chain> ... ]  - produce a verbose report about the IPtable chain(s).
    (iptables -L chain -n -v)

-    shorewall show nat - produce a verbose report about the nat table.
+    shorewall [-x] show nat - produce a verbose report about the nat table.
    (iptables -t nat -L -n -v)

-    shorewall show tos - produce a verbose report about the mangle table.
+    shorewall [-x] show tos - produce a verbose report about the mangle table.
    (iptables -t mangle -L -n -v)

    shorewall show log - display the last 20 packet log entries.
@ -201,7 +207,9 @@ show)
 	being tracked by the firewall.

    shorewall show tc - displays information about the traffic
-	control/shaping configuration."
+	control/shaping configuration.
+
+    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;

 start)
@ -221,9 +229,14 @@ stop)

 status)
 	echo "status: status
+
+    shorewall [-x] status
+
    Produce a verbose report about the firewall.
   
-    (iptables -L -n -v)"
+    (iptables -L -n -)
+
+    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;

 trace)
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -57,4 +57,16 @@ New Features:

   http://shorewall.net/netmap.html

+3) The /sbin/shorewall program now accepts a "-x" option to cause
+   iptables to print out the actual packet and byte counts rather than
+   abbreviated counts such as "13MB".
+
+   Commands affected by this are:
+
+	    shorewall -x show [ <chain>[ <chain> ...] ]
+	    shorewall -x show tos|mangle
+	    shorewall -x show nat
+	    shorewall -x status
+	    shorewall -x monitor [ <interval> ]
+
 
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@ -175,7 +175,7 @@ display_chains()
 	# Send the output to a temporary file since ash craps if we try to store
 	# the output in a variable.
 	#
-	iptables -L -n -v > /tmp/chains-$$
+	iptables -L $IPT_OPTIONS > /tmp/chains-$$

 	clear
 	echo "$banner $(date)"
@ -420,7 +420,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
 	echo
 	echo "NAT Status"
 	echo
-	iptables -t nat -L -n -v
+	iptables -t nat -L $IPT_OPTIONS
 	timed_read

 	clear
@ -429,7 +429,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
 	echo
 	echo "TOS/MARK Status"
 	echo
-	iptables -t mangle -L -n -v
+	iptables -t mangle -L $IPT_OPTIONS
 	timed_read

 	clear
@ -530,7 +530,7 @@ help()
 #
 usage() # $1 = exit status
 {
-    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] <command>"
+    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] <command>"
    echo "where <command> is one of:"
    echo "   add <interface>[:<host>] <zone>"
    echo "   allow <address> ..."
@ -585,6 +585,7 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
 fi

 SHOREWALL_DIR=
+IPT_OPTIONS="-nv"
 done=0

 while [ $done -eq 0 ]; do
@ -605,6 +606,10 @@ while [ $done -eq 0 ]; do
 	shift
 	shift
 	;;
+    -x)
+	IPT_OPTIONS="-xnv"
+	shift
+	;;
    *)
 	done=1
 	;;
@ -710,14 +715,14 @@ case "$1" in
 	    echo "Shorewall-$version NAT at $HOSTNAME - $(date)"
 	    echo
 	    show_reset
-	    iptables -t nat -L -n -v
+	    iptables -t nat -L $IPT_OPTIONS
 	    ;;
 	tos|mangle)
 	    [ $# -gt 2 ] && usage 1
 	    echo "Shorewall-$version TOS at $HOSTNAME - $(date)"
 	    echo
 	    show_reset
-	    iptables -t mangle -L -n -v
+	    iptables -t mangle -L $IPT_OPTIONS
 	    ;;
 	log)
 	    [ $# -gt 2 ] && usage 1
@ -748,10 +753,10 @@ case "$1" in
 	    show_reset
 	    if [ $# -gt 0 ]; then
 		for chain in $*; do
-		    iptables -L $chain -n -v
+		    iptables -L $chain $IPT_OPTIONS
 		done
 	    else
-		iptables -L -n -v
+		iptables -L $IPT_OPTIONS
 	    fi
 	    ;;
 	esac
@ -775,17 +780,17 @@ case "$1" in
 	echo
 	show_reset
 	host=$(echo $HOSTNAME | sed 's/\..*$//')
-	iptables -L -n -v
+	iptables -L $IPT_OPTIONS
 	echo
 	packet_log 20
 	echo
 	echo "NAT Table"
 	echo
-	iptables -t nat -L -n -v
+	iptables -t nat -L $IPT_OPTIONS
 	echo
 	echo "Mangle Table"
 	echo
-	iptables -t mangle -L -n -v
+	iptables -t mangle -L $IPT_OPTIONS
 	echo
 	cat /proc/net/ip_conntrack
 	;;