Enhance status IP/routing output

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1490 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-22 21:48:39 +01:00 · 2004-07-21 18:57:45 +00:00 · 2004-07-21 18:57:45 +00:00 · 5fa329c658
commit 5fa329c658
parent d49f474ff5
6 changed files with 98 additions and 19 deletions
--- a/STABLE2/changelog.txt
+++ b/STABLE2/changelog.txt
@ -38,3 +38,5 @@ Changes in 2.0.7
   status".

 2) Consult PKTTYPE when generating 'REJECT' rules.
+
+3) Enhance IP/Routing output in "shorewall status".
--- a/STABLE2/releasenotes.txt
+++ b/STABLE2/releasenotes.txt
@ -41,16 +41,72 @@ Problems Corrected in version 2.0.6
 -----------------------------------------------------------------------
 Problems Corrected in version 2.0.7

-1) To improve supportability, the "shorewall status" command now
-   includes the output from "ip rule ls", "ip route ls" and 
-   "ip addr ls".
-
-2) The PKTTYPE option introduced in version 2.0.6 is now used when
+1) The PKTTYPE option introduced in version 2.0.6 is now used when
   generating rules to REJECT packets. Broadcast packets are silently
   dropped rather than being rejected with an ICMP (which is a protocol
   violation) and users whose kernels have broken packet type match
   support are likely to see messages reporting this violation.
   Setting PKTTYPE=No should cause these messages to cease. 

+New Features in version 2.0.7
+
+1) To improve supportability, the "shorewall status" command now
+   includes IP and Route configuration information.
+
+   Example:
+
+   IP Configuration
+
+   1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
+      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+      inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
+      inet6 ::1/128 scope host
+   2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
+      link/ether 00:a0:c9:15:39:78 brd ff:ff:ff:ff:ff:ff
+      inet6 fe80::2a0:c9ff:fe15:3978/64 scope link
+   3: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
+      link/ether 00:a0:c9:a7:d7:bf brd ff:ff:ff:ff:ff:ff
+      inet6 fe80::2a0:c9ff:fea7:d7bf/64 scope link
+   5: sit0@NONE: <NOARP> mtu 1480 qdisc noop
+      link/sit 0.0.0.0 brd 0.0.0.0
+   6: eth2: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
+      link/ether 00:40:d0:07:3a:1b brd ff:ff:ff:ff:ff:ff
+      inet6 fe80::240:d0ff:fe07:3a1b/64 scope link
+   7: br0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc noqueue
+      link/ether 00:40:d0:07:3a:1b brd ff:ff:ff:ff:ff:ff
+      inet 192.168.1.3/24 brd 192.168.1.255 scope global br0
+      inet6 fe80::240:d0ff:fe07:3a1b/64 scope link
+
+   Routing Rules
+
+   0:      from all lookup local	
+   32765:  from all fwmark       ca lookup www.out
+   32766:  from all lookup main
+   32767:  from all lookup default
+
+   Table local:
+
+   broadcast 192.168.1.0 dev br0  proto kernel  scope link  src 192.168.1.3
+   broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
+   local 192.168.1.3 dev br0  proto kernel  scope host  src 192.168.1.3
+   broadcast 192.168.1.255 dev br0  proto kernel  scope link  src 192.168.1.3
+   broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
+   local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
+   local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1
+
+   Table www.out:
+
+   default via 192.168.1.3 dev br0
+
+   Table main:
+
+   192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.3
+   default via 192.168.1.254 dev br0
+
+   Table default:
+
+
+
+


--- a/STABLE2/shorewall
+++ b/STABLE2/shorewall
@ -886,11 +886,16 @@ case "$1" in
 	echo
 	ip addr ls
 	echo
-	echo "Routing"
+	echo "Routing Rules"
 	echo
 	ip rule ls
+	ip rule ls | while read rule; do
+	    table=${rule##* }
 	    echo
-	ip route ls
+	    echo "Table $table:"
+	    echo
+	    ip route ls table $table
+	done
 	;;
    hits)
    	[ -n "$debugging" ] && set -x
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -31,3 +31,5 @@ Changes since 2.0.3
 9) Fix syntax error in setup_nat()

       firewall
+
+10) Port "shorewall status" changes from 2.0.7.
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -4979,6 +4979,13 @@ initialize_netfilter () {
 add_common_rules() {
    local savelogparms="$LOGPARMS"
    local broadcasts="$(find_broadcasts) 255.255.255.255 224.0.0.0/4"
+
+    drop_broadcasts() {
+	for address in $broadcasts ; do
+	    run_iptables -A reject -d $address -j DROP
+	done
+    }
+
    #
    # Populate the smurf chain
    #
@ -4989,14 +4996,16 @@ add_common_rules() {
    #
    # Reject Rules -- Don't respond to broadcasts with an ICMP
    #
+    if [ -n "$PKTTYPE" ]; then
 	qt iptables -A reject -m pkttype --pkt-type broadcast -j DROP
 	if ! qt iptables -A reject -m pkttype --pkt-type multicast -j DROP; then
            #
 	    # No pkttype support -- do it the hard way
 	    #
-	for address in $broadcasts ; do
-	    run_iptables -A reject -d $address -j DROP
-	done
+	    drop_broadcasts
+	fi
+    else
+	drop_broadcasts
    fi
    #
    # Don't feed the smurfs
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@ -886,11 +886,16 @@ case "$1" in
 	echo
 	ip addr ls
 	echo
-	echo "Routing"
+	echo "Routing Rules"
 	echo
 	ip rule ls
+	ip rule ls | while read rule; do
+	    table=${rule##* }
 	    echo
-	ip route ls
+	    echo "Table $table:"
+	    echo
+	    ip route ls table $table
+	done
 	;;
    hits)
    	[ -n "$debugging" ] && set -x