Add -x option to /sbin/shorewall

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1214 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -11,3 +11,5 @@ Changes since 2.0.0
 5) Add 'netmap'
 
 6) Fix another <zone>_frwd problem.
+
+7) Add -x option to /sbin/shorewall.

Shorewall2/help

@@ -147,8 +147,13 @@ logwatch)
 
 monitor)
 	echo "monitor: monitor [<refresh_interval>]
+
+    shorewall [-x] monitor [<refresh_interval>]
+
     Continuously display the firewall status, last 20 log entries and nat.
-    When the log entry display changes, an audible alarm is sounded."
+    When the log entry display changes, an audible alarm is sounded.
+
+    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;
 
 refresh)
@@ -185,14 +190,15 @@ save)
 	;;
 
 show)
-	echo "show: show [<chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
+	echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
-    shorewall show <chain> [ <chain> ... ]  - produce a verbose report about the IPtable chain(s).
+
+    shorewall [-x] show <chain> [ <chain> ... ]  - produce a verbose report about the IPtable chain(s).
     (iptables -L chain -n -v)
 
-    shorewall show nat - produce a verbose report about the nat table.
+    shorewall [-x] show nat - produce a verbose report about the nat table.
     (iptables -t nat -L -n -v)
 
-    shorewall show tos - produce a verbose report about the mangle table.
+    shorewall [-x] show tos - produce a verbose report about the mangle table.
     (iptables -t mangle -L -n -v)
 
     shorewall show log - display the last 20 packet log entries.
@@ -201,7 +207,9 @@ show)
 	being tracked by the firewall.
 
     shorewall show tc - displays information about the traffic
-	control/shaping configuration."
+	control/shaping configuration.
+
+    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;
 
 start)
@@ -221,9 +229,14 @@ stop)
 
 status)
 	echo "status: status
+
+    shorewall [-x] status
+
     Produce a verbose report about the firewall.
    
-    (iptables -L -n -v)"
+    (iptables -L -n -)
+
+    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;
 
 trace)

Shorewall2/releasenotes.txt

@@ -57,4 +57,16 @@ New Features:
 
    http://shorewall.net/netmap.html
 
+3) The /sbin/shorewall program now accepts a "-x" option to cause
+   iptables to print out the actual packet and byte counts rather than
+   abbreviated counts such as "13MB".
+
+   Commands affected by this are:
+
+	    shorewall -x show [ <chain>[ <chain> ...] ]
+	    shorewall -x show tos|mangle
+	    shorewall -x show nat
+	    shorewall -x status
+	    shorewall -x monitor [ <interval> ]
+
  

Shorewall2/shorewall

@@ -175,7 +175,7 @@ display_chains()
 	# Send the output to a temporary file since ash craps if we try to store
 	# the output in a variable.
 	#
-	iptables -L -n -v > /tmp/chains-$$
+	iptables -L $IPT_OPTIONS > /tmp/chains-$$
 
 	clear
 	echo "$banner $(date)"
@@ -420,7 +420,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
 	echo
 	echo "NAT Status"
 	echo
-	iptables -t nat -L -n -v
+	iptables -t nat -L $IPT_OPTIONS
 	timed_read
 
 	clear
@@ -429,7 +429,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
 	echo
 	echo "TOS/MARK Status"
 	echo
-	iptables -t mangle -L -n -v
+	iptables -t mangle -L $IPT_OPTIONS
 	timed_read
 
 	clear
@@ -530,7 +530,7 @@ help()
 #
 usage() # $1 = exit status
 {
-    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] <command>"
+    echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] <command>"
     echo "where <command> is one of:"
     echo "   add <interface>[:<host>] <zone>"
     echo "   allow <address> ..."
@@ -585,6 +585,7 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
 fi
 
 SHOREWALL_DIR=
+IPT_OPTIONS="-nv"
 done=0
 
 while [ $done -eq 0 ]; do
@@ -605,6 +606,10 @@ while [ $done -eq 0 ]; do
 	shift
 	shift
 	;;
+    -x)
+	IPT_OPTIONS="-xnv"
+	shift
+	;;
     *)
 	done=1
 	;;
@@ -710,14 +715,14 @@ case "$1" in
 	    echo "Shorewall-$version NAT at $HOSTNAME - $(date)"
 	    echo
 	    show_reset
-	    iptables -t nat -L -n -v
+	    iptables -t nat -L $IPT_OPTIONS
 	    ;;
 	tos|mangle)
 	    [ $# -gt 2 ] && usage 1
 	    echo "Shorewall-$version TOS at $HOSTNAME - $(date)"
 	    echo
 	    show_reset
-	    iptables -t mangle -L -n -v
+	    iptables -t mangle -L $IPT_OPTIONS
 	    ;;
 	log)
 	    [ $# -gt 2 ] && usage 1
@@ -748,10 +753,10 @@ case "$1" in
 	    show_reset
 	    if [ $# -gt 0 ]; then
 		for chain in $*; do
-		    iptables -L $chain -n -v
+		    iptables -L $chain $IPT_OPTIONS
 		done
 	    else
-		iptables -L -n -v
+		iptables -L $IPT_OPTIONS
 	    fi
 	    ;;
 	esac
@@ -775,17 +780,17 @@ case "$1" in
 	echo
 	show_reset
 	host=$(echo $HOSTNAME | sed 's/\..*$//')
-	iptables -L -n -v
+	iptables -L $IPT_OPTIONS
 	echo
 	packet_log 20
 	echo
 	echo "NAT Table"
 	echo
-	iptables -t nat -L -n -v
+	iptables -t nat -L $IPT_OPTIONS
 	echo
 	echo "Mangle Table"
 	echo
-	iptables -t mangle -L -n -v
+	iptables -t mangle -L $IPT_OPTIONS
 	echo
 	cat /proc/net/ip_conntrack
 	;;