mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
Add 'shorewall show actions command'
Make it possible for the 'stopped' extension script to save commands in the 'restore-tail' file by calling 'run_and_save_command' and 'save_command' git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
d8a471e7b9
commit
aaecd53a29
@ -70,6 +70,6 @@ AllowDistcc # accept Distributed Compiler traffic
|
||||
AllowEdonkey # accept edonkey traffic
|
||||
AllowGnutella # accept edonkey traffic
|
||||
|
||||
Drop:DROP #Common Action for DROP policy
|
||||
Reject:REJECT #Common Action for REJECT policy
|
||||
Drop:DROP #Common Action for DROP policy
|
||||
Reject:REJECT #Common Action for REJECT policy
|
||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||
|
@ -7547,6 +7547,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
save_command "# Restore tail file generated by Shorewall $version - $(date)"
|
||||
save_command "#"
|
||||
save_command "date > $STATEDIR/restarted"
|
||||
save_command "#"
|
||||
|
||||
run_user_exit start
|
||||
|
||||
@ -7558,12 +7559,14 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
|
||||
report "Shorewall ${1}ed"
|
||||
|
||||
run_user_exit started
|
||||
|
||||
rm -rf $TMP_DIR
|
||||
|
||||
mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
|
||||
mv -f $RESTOREBASE /var/lib/shorewall/restore-tail
|
||||
|
||||
run_user_exit started
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -249,11 +249,13 @@ save)
|
||||
;;
|
||||
|
||||
show)
|
||||
echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos|zones]
|
||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|nat|tc|tos|zones]
|
||||
|
||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||
(iptables -L chain -n -v)
|
||||
|
||||
shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
|
||||
|
||||
shorewall [-x] show nat - produce a verbose report about the nat table.
|
||||
(iptables -t nat -L -n -v)
|
||||
|
||||
|
@ -74,7 +74,7 @@ case "$command" in
|
||||
|
||||
start)
|
||||
|
||||
exec /sbin/shorewall $OPTIONS start
|
||||
exec /sbin/shorewall $OPTIONS $@
|
||||
;;
|
||||
|
||||
stop|restart|status)
|
||||
|
@ -51,6 +51,7 @@
|
||||
# broadcast address on any "detect"
|
||||
# interface.
|
||||
# shorewall show <chain> [ <chain> ... ] Display the rules in each <chain> listed
|
||||
# shorewall show actions Displays the available actions
|
||||
# shorewall show log Print the last 20 log messages
|
||||
# shorewall show connections Show the kernel's connection
|
||||
# tracking table
|
||||
@ -720,7 +721,7 @@ usage() # $1 = exit status
|
||||
echo " restart [ <directory> ]"
|
||||
echo " restore [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
|
||||
echo " show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
|
||||
echo " start [ <directory> ]"
|
||||
echo " stop"
|
||||
echo " status"
|
||||
@ -1084,6 +1085,18 @@ case "$1" in
|
||||
capabilities)
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
|
||||
;;
|
||||
actions)
|
||||
echo "allowBcast #Silently Allow Broadcast/multicast"
|
||||
echo "dropBcast #Silently Drop Broadcast/multicast"
|
||||
echo "dropNotSyn #Silently Drop Non-syn TCP packets"
|
||||
echo "rejNotSyn #Silently Reject Non-syn TCP packets"
|
||||
echo "dropInvalid #Silently Drop packets that are in the INVALID conntrack state"
|
||||
echo "allowInvalid #Accept packets that are in the INVALID conntrack state."
|
||||
echo "allowoutUPnP #Allow traffic from local command 'upnpd'"
|
||||
echo "allowinUPnP #Allow UPnP inbound (to firewall) traffic"
|
||||
echo "forwardUPnP #Allow traffic that upnpd has redirected from"
|
||||
cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$'
|
||||
;;
|
||||
*)
|
||||
shift
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user