mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 15:43:30 +01:00
Add 'shorewall show actions command'
Make it possible for the 'stopped' extension script to save commands in the 'restore-tail' file by calling 'run_and_save_command' and 'save_command'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
d8a471e7b9
commit
aaecd53a29
@ -70,6 +70,6 @@ AllowDistcc # accept Distributed Compiler traffic
|
|||||||
AllowEdonkey # accept edonkey traffic
|
AllowEdonkey # accept edonkey traffic
|
||||||
AllowGnutella # accept edonkey traffic
|
AllowGnutella # accept edonkey traffic
|
||||||
|
|
||||||
Drop:DROP #Common Action for DROP policy
|
Drop:DROP #Common Action for DROP policy
|
||||||
Reject:REJECT #Common Action for REJECT policy
|
Reject:REJECT #Common Action for REJECT policy
|
||||||
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
|
||||||
|
@ -7547,6 +7547,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
save_command "# Restore tail file generated by Shorewall $version - $(date)"
|
save_command "# Restore tail file generated by Shorewall $version - $(date)"
|
||||||
save_command "#"
|
save_command "#"
|
||||||
save_command "date > $STATEDIR/restarted"
|
save_command "date > $STATEDIR/restarted"
|
||||||
|
save_command "#"
|
||||||
|
|
||||||
run_user_exit start
|
run_user_exit start
|
||||||
|
|
||||||
@ -7558,12 +7559,14 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
|
|
||||||
report "Shorewall ${1}ed"
|
report "Shorewall ${1}ed"
|
||||||
|
|
||||||
|
run_user_exit started
|
||||||
|
|
||||||
rm -rf $TMP_DIR
|
rm -rf $TMP_DIR
|
||||||
|
|
||||||
mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
|
mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
|
||||||
mv -f $RESTOREBASE /var/lib/shorewall/restore-tail
|
mv -f $RESTOREBASE /var/lib/shorewall/restore-tail
|
||||||
|
|
||||||
run_user_exit started
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
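Review bot: Moving `run_user_exit started` ahead of `rm -rf $TMP_DIR` and the two `mv -f` lines means the 'started' script now runs before restore-base and restore-tail are installed and while the temporary directory still exists, and nothing in the hunk records why. A comment above the call would pin the ordering, for example `# Run 'started' before restore-tail is installed so it can call save_command / run_and_save_command`. The commit message names the 'stopped' script while the call that moved is `started`, so the comment should state which script is meant. Whatever that script saves ends up in restore-tail and is replayed by a later restore, presumably with root privileges, so the extension-script documentation should say that only trusted, reviewed commands belong there. define_firewall starts outside the hunk, and how run_user_exit behaves on failure is not visible here; if it can exit early, the cleanup and both moves would be skipped.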
@ -249,11 +249,13 @@ save)
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
show)
|
show)
|
||||||
echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos|zones]
|
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|nat|tc|tos|zones]
|
||||||
|
|
||||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||||
(iptables -L chain -n -v)
|
(iptables -L chain -n -v)
|
||||||
|
|
||||||
|
shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
|
||||||
|
|
||||||
shorewall [-x] show nat - produce a verbose report about the nat table.
|
shorewall [-x] show nat - produce a verbose report about the nat table.
|
||||||
(iptables -t nat -L -n -v)
|
(iptables -t nat -L -n -v)
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ case "$command" in
|
|||||||
|
|
||||||
start)
|
start)
|
||||||
|
|
||||||
exec /sbin/shorewall $OPTIONS start
|
exec /sbin/shorewall $OPTIONS $@
|
||||||
;;
|
;;
|
||||||
|
|
||||||
stop|restart|status)
|
stop|restart|status)
|
||||||
|
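Review bot: The new `exec /sbin/shorewall $OPTIONS $@` in the `start)` branch expands `$@` unquoted, so an argument containing whitespace or glob characters is re-split and pathname-expanded before it reaches /sbin/shorewall; it should read `exec /sbin/shorewall $OPTIONS "$@"`. Replacing the literal `start` also means the command now relies on the positional parameters still holding `start` as their first word at this point, which the hunk does not show, so confirm nothing shifts them before the `case`. An init script normally runs as root, so it is worth being strict about exactly which words are forwarded. The `case "$command"` block starts and ends outside the hunk.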
@ -51,6 +51,7 @@
|
|||||||
# broadcast address on any "detect"
|
# broadcast address on any "detect"
|
||||||
# interface.
|
# interface.
|
||||||
# shorewall show <chain> [ <chain> ... ] Display the rules in each <chain> listed
|
# shorewall show <chain> [ <chain> ... ] Display the rules in each <chain> listed
|
||||||
|
# shorewall show actions Displays the available actions
|
||||||
# shorewall show log Print the last 20 log messages
|
# shorewall show log Print the last 20 log messages
|
||||||
# shorewall show connections Show the kernel's connection
|
# shorewall show connections Show the kernel's connection
|
||||||
# tracking table
|
# tracking table
|
||||||
@ -720,7 +721,7 @@ usage() # $1 = exit status
|
|||||||
echo " restart [ <directory> ]"
|
echo " restart [ <directory> ]"
|
||||||
echo " restore [ <file name> ]"
|
echo " restore [ <file name> ]"
|
||||||
echo " save [ <file name> ]"
|
echo " save [ <file name> ]"
|
||||||
echo " show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
|
echo " show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
|
||||||
echo " start [ <directory> ]"
|
echo " start [ <directory> ]"
|
||||||
echo " stop"
|
echo " stop"
|
||||||
echo " status"
|
echo " status"
|
||||||
@ -1084,6 +1085,18 @@ case "$1" in
|
|||||||
capabilities)
|
capabilities)
|
||||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
|
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
|
||||||
;;
|
;;
|
||||||
|
actions)
|
||||||
|
echo "allowBcast #Silently Allow Broadcast/multicast"
|
||||||
|
echo "dropBcast #Silently Drop Broadcast/multicast"
|
||||||
|
echo "dropNotSyn #Silently Drop Non-syn TCP packets"
|
||||||
|
echo "rejNotSyn #Silently Reject Non-syn TCP packets"
|
||||||
|
echo "dropInvalid #Silently Drop packets that are in the INVALID conntrack state"
|
||||||
|
echo "allowInvalid #Accept packets that are in the INVALID conntrack state."
|
||||||
|
echo "allowoutUPnP #Allow traffic from local command 'upnpd'"
|
||||||
|
echo "allowinUPnP #Allow UPnP inbound (to firewall) traffic"
|
||||||
|
echo "forwardUPnP #Allow traffic that upnpd has redirected from"
|
||||||
|
cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$'
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
shift
|
shift
|
||||||
|
|
||||||
|
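Review bot: The new `actions)` branch hard-codes both paths in `cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$'`, so a missing or unreadable `/etc/shorewall/actions` puts a cat error into the listing. A configuration started from another directory (usage shows `start [ <directory> ]`) would presumably not be reflected either, and the operator could then be shown a set of actions that differs from what the firewall actually uses. Skipping absent files would cover the first case, for example `for f in /usr/share/shorewall/actions.std /etc/shorewall/actions; do [ -f "$f" ] && grep -Ev '^\#|^$' "$f"; done`. The nine built-in actions are repeated here as `echo` lines and can drift from their definitions elsewhere, so a comment such as `# Keep in sync with the builtin actions defined in the firewall script` would help, and the last description, `forwardUPnP #Allow traffic that upnpd has redirected from`, appears to be cut off. The `case "$1"` block starts and ends outside the hunk.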