Add 'shorewall show actions command'

Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-07-24 16:27:21 +00:00
parent d8a471e7b9
commit aaecd53a29
5 changed files with 24 additions and 6 deletions


@ -70,6 +70,6 @@ AllowDistcc # accept Distributed Compiler traffic
AllowEdonkey # accept edonkey traffic AllowEdonkey # accept edonkey traffic
AllowGnutella # accept edonkey traffic AllowGnutella # accept edonkey traffic
Drop:DROP #Common Action for DROP policy Drop:DROP #Common Action for DROP policy
Reject:REJECT #Common Action for REJECT policy Reject:REJECT #Common Action for REJECT policy
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE


@ -7547,6 +7547,7 @@ define_firewall() # $1 = Command (Start or Restart)
save_command "# Restore tail file generated by Shorewall $version - $(date)" save_command "# Restore tail file generated by Shorewall $version - $(date)"
save_command "#" save_command "#"
save_command "date > $STATEDIR/restarted" save_command "date > $STATEDIR/restarted"
save_command "#"
run_user_exit start run_user_exit start
@ -7558,12 +7559,14 @@ define_firewall() # $1 = Command (Start or Restart)
report "Shorewall ${1}ed" report "Shorewall ${1}ed"
run_user_exit started
rm -rf $TMP_DIR rm -rf $TMP_DIR
mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
mv -f $RESTOREBASE /var/lib/shorewall/restore-tail mv -f $RESTOREBASE /var/lib/shorewall/restore-tail
run_user_exit started
} }
# #
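Review bot: The relocated `run_user_exit started` call in the second hunk has no comment saying why its position relative to `mv -f $RESTOREBASE /var/lib/shorewall/restore-tail` matters. The commit description also names the 'stopped' script while the visible change touches 'started'. The +/- markers are lost on this page, so which of the two positions is the new one is an inference: for `save_command` output from the script to land in restore-tail, the call presumably has to run before that `mv`. I would add a comment at the call such as `# must run before restore-tail is moved into place so the script can call save_command`. Since the saved lines are presumably replayed on a later restore, the extension-script documentation should state that the script and the restore files must be writable only by root. define_firewall's body starts outside the hunk.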


@ -249,11 +249,13 @@ save)
;; ;;
show) show)
echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos|zones] echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|nat|tc|tos|zones]
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s). shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
(iptables -L chain -n -v) (iptables -L chain -n -v)
shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
shorewall [-x] show nat - produce a verbose report about the nat table. shorewall [-x] show nat - produce a verbose report about the nat table.
(iptables -t nat -L -n -v) (iptables -t nat -L -n -v)


@ -74,7 +74,7 @@ case "$command" in
start) start)
exec /sbin/shorewall $OPTIONS start exec /sbin/shorewall $OPTIONS $@
;; ;;
stop|restart|status) stop|restart|status)
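Review bot: The new `exec /sbin/shorewall $OPTIONS $@` in the `start)` arm leaves `$@` unquoted, so an argument containing whitespace or glob characters is re-split or expanded before it reaches /sbin/shorewall, which an init script presumably runs as root. Quote it: `exec /sbin/shorewall $OPTIONS "$@"`. The line also relies on `$1` still being `start` at this point, which only the lines outside the hunk can confirm. The `case "$command"` block starts and ends outside the hunk.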


@ -51,6 +51,7 @@
# broadcast address on any "detect" # broadcast address on any "detect"
# interface. # interface.
# shorewall show <chain> [ <chain> ... ] Display the rules in each <chain> listed # shorewall show <chain> [ <chain> ... ] Display the rules in each <chain> listed
# shorewall show actions Displays the available actions
# shorewall show log Print the last 20 log messages # shorewall show log Print the last 20 log messages
# shorewall show connections Show the kernel's connection # shorewall show connections Show the kernel's connection
# tracking table # tracking table
@ -720,7 +721,7 @@ usage() # $1 = exit status
echo " restart [ <directory> ]" echo " restart [ <directory> ]"
echo " restore [ <file name> ]" echo " restore [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]" echo " show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
echo " start [ <directory> ]" echo " start [ <directory> ]"
echo " stop" echo " stop"
echo " status" echo " status"
@ -1084,6 +1085,18 @@ case "$1" in
capabilities) capabilities)
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
;; ;;
actions)
echo "allowBcast #Silently Allow Broadcast/multicast"
echo "dropBcast #Silently Drop Broadcast/multicast"
echo "dropNotSyn #Silently Drop Non-syn TCP packets"
echo "rejNotSyn #Silently Reject Non-syn TCP packets"
echo "dropInvalid #Silently Drop packets that are in the INVALID conntrack state"
echo "allowInvalid #Accept packets that are in the INVALID conntrack state."
echo "allowoutUPnP #Allow traffic from local command 'upnpd'"
echo "allowinUPnP #Allow UPnP inbound (to firewall) traffic"
echo "forwardUPnP #Allow traffic that upnpd has redirected from"
cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$'
;;
*) *)
shift shift
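Review bot: The new `actions)` arm runs `cat` on two hard-coded paths with no existence check, so a missing /etc/shorewall/actions puts a `cat` error on stderr, while the arm's exit status comes only from `grep`. A guarded loop avoids both: `for f in /usr/share/shorewall/actions.std /etc/shorewall/actions; do [ -f $f ] && grep -Ev '^\#|^$' $f; done`. If the script supports an alternate configuration directory (the usage text shows `start [ <directory> ]`), the second path should presumably honour it. The last built-in line, `forwardUPnP #Allow traffic that upnpd has redirected from`, ends mid-sentence. The nine echoed names duplicate a list that presumably lives in the firewall script, so a comment pointing at that list would help keep them in sync. The enclosing `case` continues outside the hunk.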