From f6323ea466cdcce6b64e2733eceee49b564804da Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 21 Nov 2006 22:52:07 +0000 Subject: [PATCH] Remove command-specific help; add -t option to show command git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-lite/help | 304 ------------------- Shorewall-lite/install.sh | 7 - Shorewall-lite/shorewall-lite | 5 +- Shorewall-lite/shorewall-lite.spec | 1 - Shorewall/changelog.txt | 2 + Shorewall/help | 467 ----------------------------- Shorewall/install.sh | 6 - Shorewall/lib.cli | 30 +- Shorewall/releasenotes.txt | 5 +- Shorewall/shorewall | 9 +- Shorewall/shorewall.spec | 1 - manpages-lite/shorewall-lite.xml | 16 +- manpages/shorewall.xml | 8 +- 13 files changed, 40 insertions(+), 821 deletions(-) delete mode 100755 Shorewall-lite/help delete mode 100755 Shorewall/help diff --git a/Shorewall-lite/help b/Shorewall-lite/help deleted file mode 100755 index 33ea20d72..000000000 --- a/Shorewall-lite/help +++ /dev/null @@ -1,304 +0,0 @@ -#!/bin/sh -# -# Shorewall help subsystem - V3.3 -# -# -# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] -# -# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net) -# Steve Herber (herber@thing.com) -# -# This file should be placed in /usr/share/shorewall-lite/help -# -# Shorewall documentation is available at http://shorewall.sourceforge.net -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA -################################################################################## - -case $1 in - -address|host) - echo "<$1>: - May be either a host IP address such as 192.168.1.4 or a network address in - CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange - match support then IP address ranges of the form - - are also permitted. If your kernel and iptables contain ipset match support - then you may specify the name of an ipset prefaced by "+". The name of the - ipsec may be optionally followed by a number of levels of ipset bindings - (1 - 6) that are to be followed" - ;; - -allow) - echo "allow: allow
... - Re-enables receipt of packets from hosts previously blacklisted - by a drop or reject command. - - shorewall-lite allow, drop, rejct and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -clear) - echo "clear: clear - Clear will remove all rules and chains installed by Shoreline. - The firewall is then wide open and unprotected. Existing - connections are untouched. Clear is often used to see if the - firewall is causing connection problems." - ;; - -debug) - echo "debug: debug - If you include the keyword debug as the first argument to any - of these commands: - - start|stop|restart|reset|clear|add|delete - - then a shell trace of the command is produced. For example: - - shorewall-lite debug start 2> /tmp/trace - - The above command would trace the 'start' command and - place the trace information in the file /tmp/trace. - - The word 'trace' is a synonym for 'debug'." - ;; - -drop) - echo "$1: $1
... - Causes packets from the specified
to be ignored - - shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -dump) - echo "dump: dump - - shorewall-lite [-x] dump - - Produce a verbose report about the firewall for problem analysis. - - (iptables -L -n -) - - When -x is given, that option is also passed to iptables to display actual packet and byte counts." - ;; - -forget) - echo "forget: forget [ ] - Deletes /var/lib/shorewall-lite/. If no is given then - the file specified by RESTOREFILE in shorewall.conf is removed. - - See also \"help save\"" - ;; - -help) - echo "help: help [ | host | address ] - Display helpful information about the shorewall-lite commands." - ;; - -hits) - echo "hits: hits - Produces several reports about the Shorewall packet log messages - in the current /var/log/messages file." - ;; - -ipcalc) - echo "ipcalc: ipcalc { address mask | address/vlsm } - Ipcalc displays the network address, broadcast address, - network in CIDR notation and netmask corresponding to the input[s]." - ;; - -ipdecimal) - echo "ipdecimal: ipdecimal { | } - Converts an IP address into its 32-bit decimal equivalent and - vice versa" - ;; - -iprange) - echo "iprange: iprange address1-address2 - Iprange decomposes the specified range of IP addresses into the - equivalent list of network/host addresses." - ;; - -logdrop) - echo "$1: $1
... - Causes packets from the specified
to be ignored and loged. - - shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -logwatch) - echo "logwatch: logwatch [ -m ] [] - Monitors the LOGFILE, $LOGFILE, - and produces an audible alarm when new Shorewall messages are logged. - If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed." - ;; - -logreject) - echo "$1: $1
... - Causes packets from the specified
to be rejected and logged. - - shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -reject) - echo "$1: $1
... - Causes packets from the specified
to be rejected - - shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -reset) - echo "reset: reset - All the packet and byte counters in the firewall are reset." - ;; - -restart) - echo "restart: restart [ -n ] [ ] - Restart is the same as a shorewall-lite stop && shorewall-lite start. - Existing connections are maintained. - - If \"-n\" is specified, no changes to routing will be made" - ;; - -restore) - echo "restore: restore [ -n ] [ ] - Restore Shorewall to a state saved using the 'save' command - Existing connections are maintained. The names a restore file in - /var/lib/shorewall-lite created using \"shorewall-lite save\"; if no - is given then Shorewall Lite will be restored from the file - specified by the RESTOREFILE option in shorewall.conf. - - If \"-n\" is specified, no changes to routing will be made. - - See also \"help save\", \"help compile\" and \"help forget\"" - ;; - -save) - echo "save: save [ ] - The dynamic data is stored in /var/lib/shorewall-lite/save. The state of the - firewall is stored in /var/lib/shorewall-lite/ for use by the 'shorewall-lite restore' - and 'shorewall-lite -f start' commands. If is not given then the state is saved - in the file specified by the RESTOREFILE option in shorewall.conf. - - shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help restore\" and \"help forget\"" - ;; - -show) - echo "show: show [ [ ...] |actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones] - - shorewall-lite [-x] show [ ... ] - produce a verbose report about the IPtable chain(s). - (iptables -L chain -n -v) - - shorewall-lite [-x] show mangle - produce a verbose report about the mangle table. - (iptables -t mangle -L -n -v) - - shorewall-lite [-x] show nat - produce a verbose report about the nat table. - (iptables -t nat -L -n -v) - - shorewall-lite show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then - MAC addresses in the log entries (if any) are displayed. - - shorewall-lite show connections - displays the IP connections currently - being tracked by the firewall. - - shorewall-lite show tc - displays information about the traffic - control/shaping configuration. - - shorewall-lite show zones - displays the contents of all zones. - - shorewall-lite show - [ -f ] capabilities - displays your kernel/iptables capabilities. When \"-f\" is - specified, then the output is suitable for use as /etc/shorewall/capabilities on your administrative - system. - - shorewall-lite show ip - produces output equivalent to 'ip addr ls' - - shorewall-lite show routing - produces a report about routing rules and tables. - - shorewall-lite show config - displays the default CONFIG_PATH and LITEDIR for your distribution - - When -x is given, that option is also passed to iptables to display actual packet and byte counts." - ;; - -start) - echo "start: start [ -f ] [ -n ] [ ] - Start Shorewall Lite. Existing connections through shorewall managed - interfaces are untouched. New connections will be allowed only - if they are allowed by the firewall rules or policies. - - If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option - in shorewall.conf will be restored if that saved configuration exists. In that - case, a may not be specified. - If \"-n\" is specified, no changes to routing will be made." - ;; - -stop) - echo "stop: stop - Stops the firewall. All existing connections, except those - listed in routestopped, are taken down. - The only new traffic permitted through the firewall - is from systems listed in routestopped." - ;; - -status) - echo "status: status - - shorewall-lite status - - Displays the Shorewall Lite status (running/not-running). - - Also displays the Shorewall Lite state as shown in the state diagram at - http://www.shorewall.net/starting_and_stopping_shorewall. The time and - date when that state was reached is also displayed." - ;; - -trace) - echo "trace: trace - If you include the keyword trace as the first argument to any - of these commands: - - start|stop|restart|reset|clear - - then a shell trace of the command is produced. For example: - - shorewall-lite trace start 2> /tmp/trace - - The above command would trace the 'start' command and - place the trace information in the file /tmp/trace. - - The word 'debug' is a synonym for 'trace'." - ;; - -version) - echo "version: version - Show the current Shorewall Lite version which is: $version" - ;; - -*) - echo "$1: $1 is not recognized by the help command" - ;; - -esac - -exit 0 # always ok - diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh index 511ce62ff..cf18d2a07 100755 --- a/Shorewall-lite/install.sh +++ b/Shorewall-lite/install.sh @@ -313,13 +313,6 @@ install_file shorecap ${PREFIX}/usr/share/shorewall-lite/shorecap 0555 echo echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap" - -# Install the Help file -# -install_file help ${PREFIX}/usr/share/shorewall-lite/help 0544 - -echo "Help command executor installed in ${PREFIX}/usr/share/shorewall-lite/help" - # # Install the Modules file # diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index ed7208ccc..4841b2f25 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -375,7 +375,7 @@ usage() # $1 = exit status echo " drop
..." echo " dump [ -x ]" echo " forget [ ]" - echo " help [ | host | address ]" + echo " help" echo " hits" echo " ipcalc {
/ |
}" echo " ipdecimal {
| }" @@ -881,8 +881,7 @@ case "$COMMAND" in ;; help) shift - [ $# -ne 1 ] && usage 1 - help $@ + usage ;; *) usage 1 diff --git a/Shorewall-lite/shorewall-lite.spec b/Shorewall-lite/shorewall-lite.spec index 747b320a2..b9d361e4a 100644 --- a/Shorewall-lite/shorewall-lite.spec +++ b/Shorewall-lite/shorewall-lite.spec @@ -80,7 +80,6 @@ fi %attr(0444,root,root) /usr/share/shorewall-lite/lib.cli %attr(0444,root,root) /usr/share/shorewall-lite/modules %attr(0544,root,root) /usr/share/shorewall-lite/shorecap -%attr(0544,root,root) /usr/share/shorewall-lite/help %attr(0444,root,root) %{_mandir}/man5/shorewall-accounting.5.gz %attr(0444,root,root) %{_mandir}/man5/shorewall-actions.5.gz diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index cc1273a61..47174abdb 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,8 @@ Changes in 3.3.6 1) Remove /etc/shorewall/Documentation. +2) Remove /usr/share/shorewall/help. + Changes in 3.3.5 1) Restore default route when there are no 'balance' providers. diff --git a/Shorewall/help b/Shorewall/help deleted file mode 100755 index 59dc7e55b..000000000 --- a/Shorewall/help +++ /dev/null @@ -1,467 +0,0 @@ -#!/bin/sh -# -# Shorewall help subsystem - V3.3 -# -# -# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] -# -# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net) -# Steve Herber (herber@thing.com) -# -# This file should be placed in /usr/share/shorewall/help -# -# Shorewall documentation is available at http://www.shorewall.net -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of Version 2 of the GNU General Public License -# as published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA -################################################################################## - -case $1 in - -add) - echo "add: add [:] ... - Adds a list of hosts or subnets to a dynamic zone usually used with VPN's. - - shorewall add interface:host-list ... zone - Adds the specified interface - (and host-list if included) to the specified zone. - - A host-list is a comma-separated list whose elements are: - - A host or network address - The name of a bridge port - The name of a bridge port followed by a colon (":") and a host or - network address. - - Example: - - shorewall add ipsec0:192.0.2.24 vpn1 -- adds the address 192.0.2.24 - from interface ipsec0 to the zone vpn1. - - See also \"help host\"" - ;; - -address|host) - echo "<$1>: - May be either a host IP address such as 192.168.1.4 or a network address in - CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange - match support then IP address ranges of the form - - are also permitted. If your kernel and iptables contain ipset match support - then you may specify the name of an ipset prefaced by "+". The name of the - ipsec may be optionally followed by a number of levels of ipset bindings - (1 - 6) that are to be followed" - ;; - -allow) - echo "allow: allow
... - Re-enables receipt of packets from hosts previously blacklisted - by a drop or reject command. - - Shorewall allow, drop, rejct and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -check) - echo "check: check [ -e ] [ ] - Performs a cursory validation of the zones, interfaces, hosts, - rules, policy, masq, blacklist, proxyarp, nat and provider files. Use this - if you are unsure of any edits you have made to the shorewall configuration. - See the try command examples for a recommended way to make changes. - - The \"-e\" option causes Shorewall to use the /etc/shorewall/capabilities - file to determine the capabilities of the target system rather than probing - for them on the local system." - ;; - -clear) - echo "clear: clear - Clear will remove all rules and chains installed by Shoreline. - The firewall is then wide open and unprotected. Existing - connections are untouched. Clear is often used to see if the - firewall is causing connection problems." - ;; - -compile) - echo "compile: compile [ -e ] [ ] - Compiles the current configuration into the executable file - . If names a file in /var/lib/shorewall then - the file may be executed using the \"restore\" command. - - When -e is specified, the compilation is being performed on a system - other than where the compiled script will run. This option disables - certain configuration options that require the script to be compiled - where it is to be run. - - Additional distributions are expected to be supported shortly." - ;; - -debug) - echo "debug: debug - If you include the keyword debug as the first argument to any - of these commands: - - start|stop|restart|reset|clear|refresh|check|add|delete|compile - - then a shell trace of the command is produced. For example: - - shorewall debug start 2> /tmp/trace - - The above command would trace the 'start' command and - place the trace information in the file /tmp/trace. - - The word 'trace' is a synonym for 'debug'." - ;; - -delete) - echo "delete: delete [:] ... - Deletes a list of hosts or networks from a dynamic zone usually used with VPN's. - - shorewall delete interface[:host-list] ... zone - Deletes the specified - interfaces (and host list if included) from the specified zone. - - A host-list is a comma-separated list whose elements are: - - A host or network address - The name of a bridge port - The name of a bridge port followed by a colon (":") and a host or - network address. - - Example: - - shorewall delete ipsec0:192.0.2.24 vpn1 -- deletes the address - 192.0.2.24 from interface ipsec0 from zone vpn1 - - See also \"help host\"" - ;; - -drop) - echo "$1: $1
... - Causes packets from the specified
to be ignored - - Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -dump) - echo "dump: dump - - shorewall [-x] dump - - Produce a verbose report about the firewall for problem analysis. - - (iptables -L -n -) - - When -x is given, that option is also passed to iptables to display actual packet and byte counts." - ;; - -export) - echo "export: export [ ] - - If is omitted, then the current working directory is assumed. - - Causes the shorewall configuration in to be compiled into a - program called '/firewall'. If compilation is successful, - the '/firewall' script is copied via scp to the specified - - - is of the form [user@]:[] - - Example: - - shorewall export admin@gateway:~ - - This command would compile the configuration in the current working directory - then copy the 'firewall' (and firewall.conf) files to admin's home directory - on system 'gateway'" - ;; - -forget) - echo "forget: forget [ ] - Deletes /var/lib/shorewall/. If no is given then - the file specified by RESTOREFILE in shorewall.conf is removed. - - See also \"help save\"" - ;; - -help) - echo "help: help [ | host | address ] - Display helpful information about the shorewall commands." - ;; - -hits) - echo "hits: hits - Produces several reports about the Shorewall packet log messages - in the current /var/log/messages file." - ;; - -ipcalc) - echo "ipcalc: ipcalc { address mask | address/vlsm } - Ipcalc displays the network address, broadcast address, - network in CIDR notation and netmask corresponding to the input[s]." - ;; - -ipdecimal) - echo "ipdecimal: ipdecimal { | } - Converts an IP address into its 32-bit decimal equivalent and - vice versa" - ;; - -iprange) - echo "iprange: iprange address1-address2 - Iprange decomposes the specified range of IP addresses into the - equivalent list of network/host addresses." - ;; - -load) - echo "load: load [ -s ] [ -c ] [ ] - If is omitted, then the current working directory is assumed. - - Requires that Shorewall Lite be installed on the named . - - Causes the shorewall configuration in to be compiled into a - program called '/firewall'. If compilation is successful, - the '/firewall' script is copied via scp to the - ${LITEDIR} directory on . If the script is copied - successfully, Shorewall Lite on is started via ssh. - - If the -s option is given and Shorewall Lite starts successfully then - ssh is used to execute 'shorewall-lite save' on - - If the -c option is given, Shorewall will capture the remote system's - capabilities to /capabilities before compiling" - ;; - -logdrop) - echo "$1: $1
... - Causes packets from the specified
to be ignored and loged. - - Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -logwatch) - echo "logwatch: logwatch [ -m ] [] - Monitors the LOGFILE, $LOGFILE, - and produces an audible alarm when new Shorewall messages are logged. - If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed." - ;; - -logreject) - echo "$1: $1
... - Causes packets from the specified
to be rejected and logged. - - Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -refresh) - echo "refresh: refresh - The rules involving the broadcast addresses of firewall interfaces, - the black list, and ECN control rules are recreated to reflect any - changes made. Existing connections are untouched." - ;; - -reject) - echo "$1: $1
... - Causes packets from the specified
to be rejected - - Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help address\"" - ;; - -reset) - echo "reset: reset - All the packet and byte counters in the firewall are reset." - ;; - -reload) - echo "reload: reload [ -s ] [ -c ] [ ] - If is omitted, then the current working directory is assumed. - - Requires that Shorewall Lite be installed on the named . - - Causes the shorewall configuration in to be compiled into a - program called '/firewall'. If compilation is successful, - the '/firewall' script is copied via scp to the - ${LITEDIR} directory on . If the script is copied - successfully, Shorewall Lite on is restarted via ssh. - - If the -s option is given and Shorewall Lite restarts successfully then - ssh is used to execute 'shorewall-lite save' on - - If the -c option is given, Shorewall will capture the remote system's - capabilities to /capabilities before compiling" - ;; - -restart) - echo "restart: restart [ -n ] [ ] - Restart is the same as a shorewall stop && shorewall start. - Existing connections are maintained. - - If \"-n\" is specified, no changes to routing will be made" - ;; - -safe-restart) - echo "safe-restart: safe-restart - Restart the same way as a shorewall restart except that previous firewall - configuration is backed up and will be restored if you notice any anomalies - or you are not able to reach the firewall any more." - ;; - -safe-start) - echo "safe-start: safe-start - Start the same way as a shorewall start except that in case of anomalies - shorewall clear is issued. " - ;; - -restore) - echo "restore: restore [ -n ] [ ] - Restore Shorewall to a state saved using the 'save' command - Existing connections are maintained. The names a restore file in - /var/lib/shorewall created using \"shorewall save\"; if no is given - then Shorewall will be restored from the file specified by the RESTOREFILE - option in shorewall.conf. - - If \"-n\" is specified, no changes to routing will be made. - - See also \"help save\", \"help compile\" and \"help forget\"" - ;; - -save) - echo "save: save [ ] - The dynamic data is stored in /var/lib/shorewall/save. The state of the - firewall is stored in /var/lib/shorewall/ for use by the 'shorewall restore' - and 'shorewall -f start' commands. If is not given then the state is saved - in the file specified by the RESTOREFILE option in shorewall.conf. - - Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting. - - See also \"help restore\" and \"help forget\"" - ;; - -show) - echo "show: show [ [ ...] |actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones] - - shorewall [-x] show [ ... ] - produce a verbose report about the IPtable chain(s). - (iptables -L chain -n -v) - - shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall - - shorewall [-x] show mangle - produce a verbose report about the mangle table. - (iptables -t mangle -L -n -v) - - shorewall [-x] show nat - produce a verbose report about the nat table. - (iptables -t nat -L -n -v) - - shorewall show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then - MAC addresses in the log entries (if any) are displayed. - - shorewall show macros -- displays the standard macros. - - shorewall show connections - displays the IP connections currently - being tracked by the firewall. - - shorewall show tc - displays information about the traffic - control/shaping configuration. - - shorewall show zones - displays the contents of all zones. - - shorewall show [ -f ] capabilities - displays your kernel/iptables capabilities. When \"-f\" is - specified, then the output is suitable for use as /etc/shorewall/capabilities. - - shorewall show ip - produces output equivalent to 'ip addr ls' - - shorewall show routing - produces a report about routing rules and tables. - - shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution - - When -x is given, that option is also passed to iptables to display actual packet and byte counts." - ;; - -start) - echo "start: start [ -f ] [ -n ] [ ] - Start shorewall. Existing connections through shorewall managed - interfaces are untouched. New connections will be allowed only - if they are allowed by the firewall rules or policies. - If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option - in shorewall.conf will be restored if that saved configuration exists. In that - case, a may not be specified. - If \"-n\" is specified, no changes to routing will be made." - ;; - -stop) - echo "stop: stop - Stops the firewall. All existing connections, except those - listed in /etc/shorewall/routestopped, are taken down. - The only new traffic permitted through the firewall - is from systems listed in /etc/shorewall/routestopped." - ;; - -status) - echo "status: status - - shorewall status - - Displays the Shorewall status (running/not-running). - - Also displays the Shorewall state as shown in the state diagram at - http://www.shorewall.net/starting_and_stopping_shorewall. The time and - date when that state was reached is also displayed." - ;; - -trace) - echo "trace: trace - If you include the keyword trace as the first argument to any - of these commands: - - start|stop|restart|reset|clear|refresh|check|add|delete|compile - - then a shell trace of the command is produced. For example: - - shorewall trace start 2> /tmp/trace - - The above command would trace the 'start' command and - place the trace information in the file /tmp/trace. - - The word 'debug' is a synonym for 'trace'." - ;; - -try) - echo "try: try [ -n ] [ ] - Restart shorewall using the specified configuration. If an error - occurs during the restart, then another shorewall restart is performed - using the default configuration. If a timeout is specified then - the restart is always performed after the timeout occurs and uses - the default configuration. - - The \"-n\" option will be passed down to the underlying commands (see - 'start', 'restart' and 'restore')" - ;; - -version) - echo "version: version - Show the current shorewall version which is: $version" - ;; - -*) - echo "$1: $1 is not recognized by the help command" - ;; - -esac - -exit 0 # always ok - diff --git a/Shorewall/install.sh b/Shorewall/install.sh index edd7ec129..71fdcd8bf 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -295,12 +295,6 @@ install_file compiler ${PREFIX}/usr/share/shorewall/compiler 0555 echo echo "Compiler installed in ${PREFIX}/usr/share/shorewall/compiler" -# Install the Help file -# -install_file help ${PREFIX}/usr/share/shorewall/help 0555 - -echo "Help command executor installed in ${PREFIX}/usr/share/shorewall/help" - # # Install the policy file # diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index e1cbbfada..c0b744508 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli @@ -355,7 +355,7 @@ show_routing() { # Show Command Executor # show_command() { - local finished=0 + local finished=0 local table=filter while [ $finished -eq 0 -a $# -gt 0 ]; do option=$1 @@ -385,6 +385,21 @@ show_command() { FILEMODE=Yes option=${option#f} ;; + t) + [ $# -eq 1 ] && usage 1 + + case $2 in + mangle|nat|filter) + table=$2 + ;; + *) + fatal_error "Invalid table name ($s)" + ;; + esac + + option= + shift + ;; *) usage 1 ;; @@ -528,10 +543,10 @@ show_command() { show_reset if [ $# -gt 0 ]; then for chain in $*; do - $IPTABLES -L $chain $IPT_OPTIONS + $IPTABLES -t $table -L $chain $IPT_OPTIONS done else - $IPTABLES -L $IPT_OPTIONS + $IPTABLES -t $table -L $IPT_OPTIONS fi ;; esac @@ -715,15 +730,6 @@ restore_command() { fi } -# -# Help information -# -help() -{ - [ -x $HELP ] && { export version; exec $HELP $*; } - echo "Help subsystem is not installed at $HELP" -} - # # Display the time that the counters were last reset # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 1d0f10e45..4de022a81 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -31,7 +31,7 @@ Shorewall 3.3.6 Please see the "Migration Considerations" below for additional upgrade information. -Problems Corrected in 3.3.5 +Problems Corrected in 3.3.6 None. @@ -40,6 +40,9 @@ Other Changes in 3.3.6 1) Now that the manpages are in place, /etc/shorewall/Documentation has been removed. + Command-specific help has also been removed since it duplicates + information in the man pages. + Migration Considerations: 1) Shorewall supports the notion of "default actions". A default diff --git a/Shorewall/shorewall b/Shorewall/shorewall index dacb7b970..e610b9a50 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -861,7 +861,7 @@ export_command() # $* = original arguments less the command. target=$2 ;; *) - fatal_error "ERROR: Invalid command syntax (\"shorewall help export\" for help)" + fatal_error "ERROR: Invalid command syntax (\"man shorewall\" for help)" ;; esac @@ -900,7 +900,7 @@ usage() # $1 = exit status echo " dump [ -x ]" echo " export [ ] [@]:[]" echo " forget [ ]" - echo " help [ | host | address ]" + echo " help" echo " hits" echo " ipcalc {
/ |
}" echo " ipdecimal {
| }" @@ -916,7 +916,7 @@ usage() # $1 = exit status echo " restart [ -n ] [ ]" echo " restore [ -n ] [ ]" echo " save [ ]" - echo " show [ -x ] [ -m ] [-f] [ [ ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]" + echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [ [ ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]" echo " start [ -f ] [ -n ] [ ]" echo " stop" echo " status" @@ -1456,8 +1456,7 @@ case "$COMMAND" in ;; help) shift - [ $# -ne 1 ] && usage 1 - help $@ + usage ;; safe-restart|safe-start) shift diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 3b3a6c746..79d2bf637 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -112,7 +112,6 @@ fi %attr(0555,root,root) /usr/share/shorewall/compiler %attr(0555,root,root) /usr/share/shorewall/firewall %attr(0777,root,root) /usr/share/shorewall/functions -%attr(0555,root,root) /usr/share/shorewall/help %attr(0444,root,root) /usr/share/shorewall/lib.accounting %attr(0444,root,root) /usr/share/shorewall/lib.actions %attr(0444,root,root) /usr/share/shorewall/lib.base diff --git a/manpages-lite/shorewall-lite.xml b/manpages-lite/shorewall-lite.xml index cfce06fd3..9a70af826 100644 --- a/manpages-lite/shorewall-lite.xml +++ b/manpages-lite/shorewall-lite.xml @@ -70,10 +70,6 @@ -options help - - - command - @@ -187,6 +183,9 @@ + + {||} + chain @@ -406,9 +405,7 @@ help - Displays information about a particular - command. If no command is - given, a syntax summary is displayed. + Displays a syntax summary. @@ -541,6 +538,11 @@ iptables and causes actual packet and byte counts to be displayed. Without this option, those counts are abbreviated. + + The -t option + designates the Netfilter table to be displayed. Without that + option, the filter table is + assumed. diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index 2b0b5a916..f07f5cf07 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -136,10 +136,6 @@ -options help - - - command - @@ -606,9 +602,7 @@ help - Displays information about a particular - command. If no command is - given, a syntax summary is displayed. + Displays a syntax summary.