Add -x option to /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1214 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
a3d8eb9d5b
commit
5f554b61dd
@ -11,3 +11,5 @@ Changes since 2.0.0
|
||||
5) Add 'netmap'
|
||||
|
||||
6) Fix another <zone>_frwd problem.
|
||||
|
||||
7) Add -x option to /sbin/shorewall.
|
||||
|
@ -147,8 +147,13 @@ logwatch)
|
||||
|
||||
monitor)
|
||||
echo "monitor: monitor [<refresh_interval>]
|
||||
|
||||
shorewall [-x] monitor [<refresh_interval>]
|
||||
|
||||
Continuously display the firewall status, last 20 log entries and nat.
|
||||
When the log entry display changes, an audible alarm is sounded."
|
||||
When the log entry display changes, an audible alarm is sounded.
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
refresh)
|
||||
@ -185,14 +190,15 @@ save)
|
||||
;;
|
||||
|
||||
show)
|
||||
echo "show: show [<chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
|
||||
shorewall show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||
echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
|
||||
|
||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||
(iptables -L chain -n -v)
|
||||
|
||||
shorewall show nat - produce a verbose report about the nat table.
|
||||
shorewall [-x] show nat - produce a verbose report about the nat table.
|
||||
(iptables -t nat -L -n -v)
|
||||
|
||||
shorewall show tos - produce a verbose report about the mangle table.
|
||||
shorewall [-x] show tos - produce a verbose report about the mangle table.
|
||||
(iptables -t mangle -L -n -v)
|
||||
|
||||
shorewall show log - display the last 20 packet log entries.
|
||||
@ -201,7 +207,9 @@ show)
|
||||
being tracked by the firewall.
|
||||
|
||||
shorewall show tc - displays information about the traffic
|
||||
control/shaping configuration."
|
||||
control/shaping configuration.
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
start)
|
||||
@ -221,9 +229,14 @@ stop)
|
||||
|
||||
status)
|
||||
echo "status: status
|
||||
|
||||
shorewall [-x] status
|
||||
|
||||
Produce a verbose report about the firewall.
|
||||
|
||||
(iptables -L -n -v)"
|
||||
(iptables -L -n -)
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
trace)
|
||||
|
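Review bot: In the `status)` help text the iptables example has lost its last character: the new line reads `(iptables -L -n -)` where the line it replaces read `(iptables -L -n -v)`. The page has dropped its +/- markers, so which side is new is inferred from where the closing quote of the echo string moved. The line should be restored to `(iptables -L -n -v)` so the help matches the default options the script passes. The release notes in this commit list `shorewall -x show tos|mangle`, while the `show)` help here mentions only `tos`, so the `mangle` spelling may be worth adding too.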
@ -57,4 +57,16 @@ New Features:
|
||||
|
||||
http://shorewall.net/netmap.html
|
||||
|
||||
3) The /sbin/shorewall program now accepts a "-x" option to cause
|
||||
iptables to print out the actual packet and byte counts rather than
|
||||
abbreviated counts such as "13MB".
|
||||
|
||||
Commands affected by this are:
|
||||
|
||||
shorewall -x show [ <chain>[ <chain> ...] ]
|
||||
shorewall -x show tos|mangle
|
||||
shorewall -x show nat
|
||||
shorewall -x status
|
||||
shorewall -x monitor [ <interval> ]
|
||||
|
||||
|
||||
|
@ -175,7 +175,7 @@ display_chains()
|
||||
# Send the output to a temporary file since ash craps if we try to store
|
||||
# the output in a variable.
|
||||
#
|
||||
iptables -L -n -v > /tmp/chains-$$
|
||||
iptables -L $IPT_OPTIONS > /tmp/chains-$$
|
||||
|
||||
clear
|
||||
echo "$banner $(date)"
|
||||
@ -420,7 +420,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
|
||||
echo
|
||||
echo "NAT Status"
|
||||
echo
|
||||
iptables -t nat -L -n -v
|
||||
iptables -t nat -L $IPT_OPTIONS
|
||||
timed_read
|
||||
|
||||
clear
|
||||
@ -429,7 +429,7 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
|
||||
echo
|
||||
echo "TOS/MARK Status"
|
||||
echo
|
||||
iptables -t mangle -L -n -v
|
||||
iptables -t mangle -L $IPT_OPTIONS
|
||||
timed_read
|
||||
|
||||
clear
|
||||
@ -530,7 +530,7 @@ help()
|
||||
#
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] <command>"
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [-c <directory>] [ -x ] <command>"
|
||||
echo "where <command> is one of:"
|
||||
echo " add <interface>[:<host>] <zone>"
|
||||
echo " allow <address> ..."
|
||||
@ -585,6 +585,7 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=
|
||||
IPT_OPTIONS="-nv"
|
||||
done=0
|
||||
|
||||
while [ $done -eq 0 ]; do
|
||||
@ -605,6 +606,10 @@ while [ $done -eq 0 ]; do
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
-x)
|
||||
IPT_OPTIONS="-xnv"
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
done=1
|
||||
;;
|
||||
@ -710,14 +715,14 @@ case "$1" in
|
||||
echo "Shorewall-$version NAT at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
iptables -t nat -L -n -v
|
||||
iptables -t nat -L $IPT_OPTIONS
|
||||
;;
|
||||
tos|mangle)
|
||||
[ $# -gt 2 ] && usage 1
|
||||
echo "Shorewall-$version TOS at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
iptables -t mangle -L -n -v
|
||||
iptables -t mangle -L $IPT_OPTIONS
|
||||
;;
|
||||
log)
|
||||
[ $# -gt 2 ] && usage 1
|
||||
@ -748,10 +753,10 @@ case "$1" in
|
||||
show_reset
|
||||
if [ $# -gt 0 ]; then
|
||||
for chain in $*; do
|
||||
iptables -L $chain -n -v
|
||||
iptables -L $chain $IPT_OPTIONS
|
||||
done
|
||||
else
|
||||
iptables -L -n -v
|
||||
iptables -L $IPT_OPTIONS
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
@ -775,17 +780,17 @@ case "$1" in
|
||||
echo
|
||||
show_reset
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
iptables -L -n -v
|
||||
iptables -L $IPT_OPTIONS
|
||||
echo
|
||||
packet_log 20
|
||||
echo
|
||||
echo "NAT Table"
|
||||
echo
|
||||
iptables -t nat -L -n -v
|
||||
iptables -t nat -L $IPT_OPTIONS
|
||||
echo
|
||||
echo "Mangle Table"
|
||||
echo
|
||||
iptables -t mangle -L -n -v
|
||||
iptables -t mangle -L $IPT_OPTIONS
|
||||
echo
|
||||
cat /proc/net/ip_conntrack
|
||||
;;
|
||||
|
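Review bot: The rewritten redirect in the display_chains hunk still writes to `/tmp/chains-$$`, a name derived from the PID in a world-writable directory, and this script is normally run as root. The shell follows whatever already exists at that path, so a file or symlink placed there beforehand by a local user would be overwritten or written through. Since the line is being touched anyway, I would create the file with mktemp: `chains_file=$(mktemp /tmp/chains-XXXXXX) || exit 1` followed by `iptables -L $IPT_OPTIONS > "$chains_file"`. The comment above the line mentions ash, so confirm mktemp is available on those targets. The body of display_chains continues outside the hunk, so any later read or removal of the file there would need the same variable.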