Refine -lite handling of scfilter.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-10-03 12:52:30 -07:00
parent b3d0447ef2
commit cee05d9763
5 changed files with 26 additions and 18 deletions


@ -3430,9 +3430,11 @@ sub generate_aux_config() {
if ( -f $fn ) { if ( -f $fn ) {
emit( '', emit( '',
'cat << __EOF__ > ${VARDIR}/scfilter' ); 'show_connections_filter() {' );
append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -"; push_indent;
emit_unindented( "__EOF__\n" ); append_file( $fn,1 ) or emit 'cat -';
pop_indent;
emit '}';
} }
finalize_aux_config; finalize_aux_config;
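Review bot: Nothing in this hunk checks that the contents of scfilter are valid as a shell function body before `append_file( $fn,1 )` splices them between `show_connections_filter() {` and `}`. A file that holds only comments, is written for another interpreter, or contains an unbalanced `}` would presumably yield a firewall.conf that fails to parse, or one that runs the tail of the script every time the file is read rather than only on 'show connections'. What `append_file` returns for such files is not visible here. I would add a comment above the emit, `# scfilter is embedded verbatim as a function body: it must be non-empty POSIX shell with balanced braces`, and consider a syntax check of the generated file at compile time. generate_aux_config starts outside the hunk.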


@ -434,7 +434,10 @@ list_zone() {
} }
# #
# Show Filter # Show Filter - For Shorewall-lite, if there was an scfilter file at compile-time,
# then the compiler generated another version of this function and
# embedded it in the firewall.conf file. That version supersedes this
# one.
# #
show_connections_filter() { show_connections_filter() {
local filter local filter
@ -443,7 +446,7 @@ show_connections_filter() {
command=${SHOREWALL_SHELL} command=${SHOREWALL_SHELL}
[ "$g_product" = Shorewall ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter filter=$(find_file scfilter)
if [ -f $filter ]; then if [ -f $filter ]; then
first=$(head -n1 $filter) first=$(head -n1 $filter)
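Review bot: `$filter` is used unquoted in `[ -f $filter ]` and `head -n1 $filter` right after the new `filter=$(find_file scfilter)`. If find_file ever returns an empty string, `[ -f ]` tests a single non-empty word and succeeds, and `head -n1` then reads the piped connection data instead of a file; a path containing whitespace would be split into several words. What find_file returns when nothing is found is not visible here, so this may be unreachable today, but quoting costs nothing: `if [ -f "$filter" ]; then` and `first=$(head -n1 "$filter")`. The same lines appear in the Shorewall6-lite copy of show_connections_filter further down, and the function body continues past the end of both hunks.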


@ -110,12 +110,11 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
which passes the output through unmodified. which passes the output through unmodified.
If you are using Shorewall-lite and/or Shorewall6-lite, the If you are using Shorewall-lite and/or Shorewall6-lite, the
scfilter file is kept on the administrative system and is copied scfilter file is kept on the administrative system. The compiler
encapsulates the script into a shell function that is copied
into the generated auxillary configuration file into the generated auxillary configuration file
(firewall.conf). Each time that configuration file is read, the (firewall.conf). That function is then invoked by the 'show
scfilter script is extracted into /var/lib/shorewall-lite/scfilter connections' command.
(/var/lib/shorewall6-lite/scfilter) where /sbin/shorewall-lite
(/sbin/shorewall6-lite) looks for it.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S


@ -358,7 +358,10 @@ show_routing() {
} }
# #
# Show Connections Filter # Show Filter - For Shorewall6-lite, if there was an scfilter file at compile-time,
# then the compiler generated another version of this function and
# embedded it in the firewall.conf file. That version supersedes this
# one.
# #
show_connections_filter() { show_connections_filter() {
local filter local filter
@ -367,7 +370,7 @@ show_connections_filter() {
command=${SHOREWALL_SHELL} command=${SHOREWALL_SHELL}
[ "$g_product" = Shorewall6 ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter filter=$(find_file scfilter)
if [ -f $filter ]; then if [ -f $filter ]; then
first=$(head -n1 $filter) first=$(head -n1 $filter)


@ -203,18 +203,19 @@ esac</programlisting><caution>
<listitem> <listitem>
<para><filename>scfilter</filename> -- Added in Shorewall 4.4.14. <para><filename>scfilter</filename> -- Added in Shorewall 4.4.14.
Unlike the other scripts, this script is executed by the command line Unlike the other scripts, this script is executed by the command-line
tools (<filename>/sbin/shorewall</filename>, tools (<filename>/sbin/shorewall</filename>,
<filename>/sbin/shorewall6</filename>, etc) and can be used to <filename>/sbin/shorewall6</filename>, etc) and can be used to
reformat the output of the <command>show connections</command> reformat the output of the <command>show connections</command>
command. The connection information is piped through this script so command. The connection information is piped through this script so
that the script can drop information, add information or alter the that the script can drop information, add information or alter the
format of the information. When using Shorewall Lite or Shorewall6 format of the information. When using Shorewall Lite or Shorewall6
Lite, the script is copied into the generated auxillary configuration Lite, the script is encapsulated in a function that is copied into the
file (firewall.conf) and is extracted into /var/lib/shorewall-lite generated auxillary configuration file. That function is invoked by
(/var/lib/shorewall6-lite) where /sbin/shorewall-lite the 'show connections' command.</para>
(/sbin/shorewall6-lite) can find it. The default script is as follows
and simply pipes the output through unaltered.</para> <para>The default script is as follows and simply pipes the output
through unaltered.</para>
<programlisting>#! /bin/sh <programlisting>#! /bin/sh
cat -</programlisting> cat -</programlisting>