Remove command-specific help; add -t option to show command

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-21 22:52:07 +00:00
parent 7c80e547c7
commit f6323ea466
13 changed files with 40 additions and 821 deletions

@ -1,304 +0,0 @@
#!/bin/sh
#
# Shorewall help subsystem - V3.3
#
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net)
# Steve Herber (herber@thing.com)
#
# This file should be placed in /usr/share/shorewall-lite/help
#
# Shorewall documentation is available at http://shorewall.sourceforge.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
##################################################################################
case $1 in
address|host)
echo "<$1>:
May be either a host IP address such as 192.168.1.4 or a network address in
CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange
match support then IP address ranges of the form <low address>-<high address>
are also permitted. If your kernel and iptables contain ipset match support
then you may specify the name of an ipset prefaced by "+". The name of the
ipsec may be optionally followed by a number of levels of ipset bindings
(1 - 6) that are to be followed"
;;
allow)
echo "allow: allow <address> ...
Re-enables receipt of packets from hosts previously blacklisted
by a drop or reject command.
shorewall-lite allow, drop, rejct and save implement dynamic blacklisting.
See also \"help address\""
;;
clear)
echo "clear: clear
Clear will remove all rules and chains installed by Shoreline.
The firewall is then wide open and unprotected. Existing
connections are untouched. Clear is often used to see if the
firewall is causing connection problems."
;;
debug)
echo "debug: debug
If you include the keyword debug as the first argument to any
of these commands:
start|stop|restart|reset|clear|add|delete
then a shell trace of the command is produced. For example:
shorewall-lite debug start 2> /tmp/trace
The above command would trace the 'start' command and
place the trace information in the file /tmp/trace.
The word 'trace' is a synonym for 'debug'."
;;
drop)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be ignored
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
dump)
echo "dump: dump
shorewall-lite [-x] dump
Produce a verbose report about the firewall for problem analysis.
(iptables -L -n -)
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
forget)
echo "forget: forget [ <file name> ]
Deletes /var/lib/shorewall-lite/<file name>. If no <file name> is given then
the file specified by RESTOREFILE in shorewall.conf is removed.
See also \"help save\""
;;
help)
echo "help: help [<command> | host | address ]
Display helpful information about the shorewall-lite commands."
;;
hits)
echo "hits: hits
Produces several reports about the Shorewall packet log messages
in the current /var/log/messages file."
;;
ipcalc)
echo "ipcalc: ipcalc { address mask | address/vlsm }
Ipcalc displays the network address, broadcast address,
network in CIDR notation and netmask corresponding to the input[s]."
;;
ipdecimal)
echo "ipdecimal: ipdecimal { <IP address> | <integer> }
Converts an IP address into its 32-bit decimal equivalent and
vice versa"
;;
iprange)
echo "iprange: iprange address1-address2
Iprange decomposes the specified range of IP addresses into the
equivalent list of network/host addresses."
;;
logdrop)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be ignored and loged.
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
logwatch)
echo "logwatch: logwatch [ -m ] [<refresh interval>]
Monitors the LOGFILE, $LOGFILE,
and produces an audible alarm when new Shorewall messages are logged.
If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed."
;;
logreject)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be rejected and logged.
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
reject)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be rejected
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
reset)
echo "reset: reset
All the packet and byte counters in the firewall are reset."
;;
restart)
echo "restart: restart [ -n ] [ <configuration-directory> ]
Restart is the same as a shorewall-lite stop && shorewall-lite start.
Existing connections are maintained.
If \"-n\" is specified, no changes to routing will be made"
;;
restore)
echo "restore: restore [ -n ] [ <file name> ]
Restore Shorewall to a state saved using the 'save' command
Existing connections are maintained. The <file name> names a restore file in
/var/lib/shorewall-lite created using \"shorewall-lite save\"; if no
<file name> is given then Shorewall Lite will be restored from the file
specified by the RESTOREFILE option in shorewall.conf.
If \"-n\" is specified, no changes to routing will be made.
See also \"help save\", \"help compile\" and \"help forget\""
;;
save)
echo "save: save [ <file name> ]
The dynamic data is stored in /var/lib/shorewall-lite/save. The state of the
firewall is stored in /var/lib/shorewall-lite/<file name> for use by the 'shorewall-lite restore'
and 'shorewall-lite -f start' commands. If <file name> is not given then the state is saved
in the file specified by the RESTOREFILE option in shorewall.conf.
shorewall-lite allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help restore\" and \"help forget\""
;;
show)
echo "show: show [ <chain> [ <chain> ...] |actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]
shorewall-lite [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
(iptables -L chain -n -v)
shorewall-lite [-x] show mangle - produce a verbose report about the mangle table.
(iptables -t mangle -L -n -v)
shorewall-lite [-x] show nat - produce a verbose report about the nat table.
(iptables -t nat -L -n -v)
shorewall-lite show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then
MAC addresses in the log entries (if any) are displayed.
shorewall-lite show connections - displays the IP connections currently
being tracked by the firewall.
shorewall-lite show tc - displays information about the traffic
control/shaping configuration.
shorewall-lite show zones - displays the contents of all zones.
shorewall-lite show - [ -f ] capabilities - displays your kernel/iptables capabilities. When \"-f\" is
specified, then the output is suitable for use as /etc/shorewall/capabilities on your administrative
system.
shorewall-lite show ip - produces output equivalent to 'ip addr ls'
shorewall-lite show routing - produces a report about routing rules and tables.
shorewall-lite show config - displays the default CONFIG_PATH and LITEDIR for your distribution
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
start)
echo "start: start [ -f ] [ -n ] [ <configuration-directory> ]
Start Shorewall Lite. Existing connections through shorewall managed
interfaces are untouched. New connections will be allowed only
if they are allowed by the firewall rules or policies.
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
in shorewall.conf will be restored if that saved configuration exists. In that
case, a <configuration-directory> may not be specified.
If \"-n\" is specified, no changes to routing will be made."
;;
stop)
echo "stop: stop
Stops the firewall. All existing connections, except those
listed in routestopped, are taken down.
The only new traffic permitted through the firewall
is from systems listed in routestopped."
;;
status)
echo "status: status
shorewall-lite status
Displays the Shorewall Lite status (running/not-running).
Also displays the Shorewall Lite state as shown in the state diagram at
http://www.shorewall.net/starting_and_stopping_shorewall. The time and
date when that state was reached is also displayed."
;;
trace)
echo "trace: trace
If you include the keyword trace as the first argument to any
of these commands:
start|stop|restart|reset|clear
then a shell trace of the command is produced. For example:
shorewall-lite trace start 2> /tmp/trace
The above command would trace the 'start' command and
place the trace information in the file /tmp/trace.
The word 'debug' is a synonym for 'trace'."
;;
version)
echo "version: version
Show the current Shorewall Lite version which is: $version"
;;
*)
echo "$1: $1 is not recognized by the help command"
;;
esac
exit 0 # always ok

@ -313,13 +313,6 @@ install_file shorecap ${PREFIX}/usr/share/shorewall-lite/shorecap 0555
echo echo
echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap" echo "Capability file builder installed in ${PREFIX}/usr/share/shorewall-lite/shorecap"
# Install the Help file
#
install_file help ${PREFIX}/usr/share/shorewall-lite/help 0544
echo "Help command executor installed in ${PREFIX}/usr/share/shorewall-lite/help"
# #
# Install the Modules file # Install the Modules file
# #
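Review bot: With the install_file line for help dropped, an upgrade over an earlier install leaves the old ${PREFIX}/usr/share/shorewall-lite/help (mode 0544) on disk, and nothing in this hunk removes it. Consider putting an rm -f of that path where the removed block was, so the installer cleans up the stale script. The same applies to the matching hunk in the other install script.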

@ -375,7 +375,7 @@ usage() # $1 = exit status
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help [ <command > | host | address ]" echo " help"
echo " hits" echo " hits"
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }" echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
echo " ipdecimal { <address> | <integer> }" echo " ipdecimal { <address> | <integer> }"
@ -881,8 +881,7 @@ case "$COMMAND" in
;; ;;
help) help)
shift shift
[ $# -ne 1 ] && usage 1 usage
help $@
;; ;;
*) *)
usage 1 usage 1
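Review bot: The new help) branch calls usage with no argument, while the function header reads "usage() # $1 = exit status" and every other call in view passes one ("usage 1"). Pass the status explicitly (usage 0 if help is meant to succeed) so the exit code does not depend on how an empty $1 expands. The shift kept above it no longer has any effect, and "help <command>" is now accepted silently; either drop the shift or keep an argument check that points the user at the man page. The same applies to the identical help) change in the other CLI script.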

@ -80,7 +80,6 @@ fi
%attr(0444,root,root) /usr/share/shorewall-lite/lib.cli %attr(0444,root,root) /usr/share/shorewall-lite/lib.cli
%attr(0444,root,root) /usr/share/shorewall-lite/modules %attr(0444,root,root) /usr/share/shorewall-lite/modules
%attr(0544,root,root) /usr/share/shorewall-lite/shorecap %attr(0544,root,root) /usr/share/shorewall-lite/shorecap
%attr(0544,root,root) /usr/share/shorewall-lite/help
%attr(0444,root,root) %{_mandir}/man5/shorewall-accounting.5.gz %attr(0444,root,root) %{_mandir}/man5/shorewall-accounting.5.gz
%attr(0444,root,root) %{_mandir}/man5/shorewall-actions.5.gz %attr(0444,root,root) %{_mandir}/man5/shorewall-actions.5.gz

@ -2,6 +2,8 @@ Changes in 3.3.6
1) Remove /etc/shorewall/Documentation. 1) Remove /etc/shorewall/Documentation.
2) Remove /usr/share/shorewall/help.
Changes in 3.3.5 Changes in 3.3.5
1) Restore default route when there are no 'balance' providers. 1) Restore default route when there are no 'balance' providers.
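Review bot: Item 2 records only the removal of /usr/share/shorewall/help, but this commit also drops /usr/share/shorewall-lite/help (see the spec file change) and adds the -t option to the show command. Add entries for both so the changelog matches the commit message.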

@ -1,467 +0,0 @@
#!/bin/sh
#
# Shorewall help subsystem - V3.3
#
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2003-2006 - Tom Eastep (teastep@shorewall.net)
# Steve Herber (herber@thing.com)
#
# This file should be placed in /usr/share/shorewall/help
#
# Shorewall documentation is available at http://www.shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
##################################################################################
case $1 in
add)
echo "add: add <interface>[:<host-list>] ... <zone>
Adds a list of hosts or subnets to a dynamic zone usually used with VPN's.
shorewall add interface:host-list ... zone - Adds the specified interface
(and host-list if included) to the specified zone.
A host-list is a comma-separated list whose elements are:
A host or network address
The name of a bridge port
The name of a bridge port followed by a colon (":") and a host or
network address.
Example:
shorewall add ipsec0:192.0.2.24 vpn1 -- adds the address 192.0.2.24
from interface ipsec0 to the zone vpn1.
See also \"help host\""
;;
address|host)
echo "<$1>:
May be either a host IP address such as 192.168.1.4 or a network address in
CIDR format like 192.168.1.0/24. If your kernel and iptables contain iprange
match support then IP address ranges of the form <low address>-<high address>
are also permitted. If your kernel and iptables contain ipset match support
then you may specify the name of an ipset prefaced by "+". The name of the
ipsec may be optionally followed by a number of levels of ipset bindings
(1 - 6) that are to be followed"
;;
allow)
echo "allow: allow <address> ...
Re-enables receipt of packets from hosts previously blacklisted
by a drop or reject command.
Shorewall allow, drop, rejct and save implement dynamic blacklisting.
See also \"help address\""
;;
check)
echo "check: check [ -e ] [ <configuration-directory> ]
Performs a cursory validation of the zones, interfaces, hosts,
rules, policy, masq, blacklist, proxyarp, nat and provider files. Use this
if you are unsure of any edits you have made to the shorewall configuration.
See the try command examples for a recommended way to make changes.
The \"-e\" option causes Shorewall to use the /etc/shorewall/capabilities
file to determine the capabilities of the target system rather than probing
for them on the local system."
;;
clear)
echo "clear: clear
Clear will remove all rules and chains installed by Shoreline.
The firewall is then wide open and unprotected. Existing
connections are untouched. Clear is often used to see if the
firewall is causing connection problems."
;;
compile)
echo "compile: compile [ -e ] [ <directory name> ] <path name>
Compiles the current configuration into the executable file
<path name>. If <path name> names a file in /var/lib/shorewall then
the file may be executed using the \"restore\" command.
When -e is specified, the compilation is being performed on a system
other than where the compiled script will run. This option disables
certain configuration options that require the script to be compiled
where it is to be run.
Additional distributions are expected to be supported shortly."
;;
debug)
echo "debug: debug
If you include the keyword debug as the first argument to any
of these commands:
start|stop|restart|reset|clear|refresh|check|add|delete|compile
then a shell trace of the command is produced. For example:
shorewall debug start 2> /tmp/trace
The above command would trace the 'start' command and
place the trace information in the file /tmp/trace.
The word 'trace' is a synonym for 'debug'."
;;
delete)
echo "delete: delete <interface>[:<host-list>] ... <zone>
Deletes a list of hosts or networks from a dynamic zone usually used with VPN's.
shorewall delete interface[:host-list] ... zone - Deletes the specified
interfaces (and host list if included) from the specified zone.
A host-list is a comma-separated list whose elements are:
A host or network address
The name of a bridge port
The name of a bridge port followed by a colon (":") and a host or
network address.
Example:
shorewall delete ipsec0:192.0.2.24 vpn1 -- deletes the address
192.0.2.24 from interface ipsec0 from zone vpn1
See also \"help host\""
;;
drop)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be ignored
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
dump)
echo "dump: dump
shorewall [-x] dump
Produce a verbose report about the firewall for problem analysis.
(iptables -L -n -)
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
export)
echo "export: export [ <directory1> ] <target>
If <directory1> is omitted, then the current working directory is assumed.
Causes the shorewall configuration in <directory1> to be compiled into a
program called '<directory1>/firewall'. If compilation is successful,
the '<directory1>/firewall' script is copied via scp to the specified
<target>
<target> is of the form [user@]<system>:[<directory1>]
Example:
shorewall export admin@gateway:~
This command would compile the configuration in the current working directory
then copy the 'firewall' (and firewall.conf) files to admin's home directory
on system 'gateway'"
;;
forget)
echo "forget: forget [ <file name> ]
Deletes /var/lib/shorewall/<file name>. If no <file name> is given then
the file specified by RESTOREFILE in shorewall.conf is removed.
See also \"help save\""
;;
help)
echo "help: help [<command> | host | address ]
Display helpful information about the shorewall commands."
;;
hits)
echo "hits: hits
Produces several reports about the Shorewall packet log messages
in the current /var/log/messages file."
;;
ipcalc)
echo "ipcalc: ipcalc { address mask | address/vlsm }
Ipcalc displays the network address, broadcast address,
network in CIDR notation and netmask corresponding to the input[s]."
;;
ipdecimal)
echo "ipdecimal: ipdecimal { <IP address> | <integer> }
Converts an IP address into its 32-bit decimal equivalent and
vice versa"
;;
iprange)
echo "iprange: iprange address1-address2
Iprange decomposes the specified range of IP addresses into the
equivalent list of network/host addresses."
;;
load)
echo "load: load [ -s ] [ -c ] [ <directory> ] <system>
If <directory> is omitted, then the current working directory is assumed.
Requires that Shorewall Lite be installed on the named <system>.
Causes the shorewall configuration in <directory> to be compiled into a
program called '<directory>/firewall'. If compilation is successful,
the '<directory>/firewall' script is copied via scp to the
${LITEDIR} directory on <system>. If the script is copied
successfully, Shorewall Lite on <system> is started via ssh.
If the -s option is given and Shorewall Lite starts successfully then
ssh is used to execute 'shorewall-lite save' on <system>
If the -c option is given, Shorewall will capture the remote system's
capabilities to <directory>/capabilities before compiling"
;;
logdrop)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be ignored and loged.
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
logwatch)
echo "logwatch: logwatch [ -m ] [<refresh interval>]
Monitors the LOGFILE, $LOGFILE,
and produces an audible alarm when new Shorewall messages are logged.
If \"-m\" is specified, then MAC addresses in the log entries (if any) are displayed."
;;
logreject)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be rejected and logged.
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
refresh)
echo "refresh: refresh
The rules involving the broadcast addresses of firewall interfaces,
the black list, and ECN control rules are recreated to reflect any
changes made. Existing connections are untouched."
;;
reject)
echo "$1: $1 <address> ...
Causes packets from the specified <address> to be rejected
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help address\""
;;
reset)
echo "reset: reset
All the packet and byte counters in the firewall are reset."
;;
reload)
echo "reload: reload [ -s ] [ -c ] [ <directory> ] <system>
If <directory> is omitted, then the current working directory is assumed.
Requires that Shorewall Lite be installed on the named <system>.
Causes the shorewall configuration in <directory> to be compiled into a
program called '<directory>/firewall'. If compilation is successful,
the '<directory>/firewall' script is copied via scp to the
${LITEDIR} directory on <system>. If the script is copied
successfully, Shorewall Lite on <system> is restarted via ssh.
If the -s option is given and Shorewall Lite restarts successfully then
ssh is used to execute 'shorewall-lite save' on <system>
If the -c option is given, Shorewall will capture the remote system's
capabilities to <directory>/capabilities before compiling"
;;
restart)
echo "restart: restart [ -n ] [ <configuration-directory> ]
Restart is the same as a shorewall stop && shorewall start.
Existing connections are maintained.
If \"-n\" is specified, no changes to routing will be made"
;;
safe-restart)
echo "safe-restart: safe-restart
Restart the same way as a shorewall restart except that previous firewall
configuration is backed up and will be restored if you notice any anomalies
or you are not able to reach the firewall any more."
;;
safe-start)
echo "safe-start: safe-start
Start the same way as a shorewall start except that in case of anomalies
shorewall clear is issued. "
;;
restore)
echo "restore: restore [ -n ] [ <file name> ]
Restore Shorewall to a state saved using the 'save' command
Existing connections are maintained. The <file name> names a restore file in
/var/lib/shorewall created using \"shorewall save\"; if no <file name> is given
then Shorewall will be restored from the file specified by the RESTOREFILE
option in shorewall.conf.
If \"-n\" is specified, no changes to routing will be made.
See also \"help save\", \"help compile\" and \"help forget\""
;;
save)
echo "save: save [ <file name> ]
The dynamic data is stored in /var/lib/shorewall/save. The state of the
firewall is stored in /var/lib/shorewall/<file name> for use by the 'shorewall restore'
and 'shorewall -f start' commands. If <file name> is not given then the state is saved
in the file specified by the RESTOREFILE option in shorewall.conf.
Shorewall allow, drop, logdrop, logreject, reject and save implement dynamic blacklisting.
See also \"help restore\" and \"help forget\""
;;
show)
echo "show: show [ <chain> [ <chain> ...] |actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
(iptables -L chain -n -v)
shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
shorewall [-x] show mangle - produce a verbose report about the mangle table.
(iptables -t mangle -L -n -v)
shorewall [-x] show nat - produce a verbose report about the nat table.
(iptables -t nat -L -n -v)
shorewall show [ -m ] log - display the last 20 packet log entries. If \"-m\" is specified, then
MAC addresses in the log entries (if any) are displayed.
shorewall show macros -- displays the standard macros.
shorewall show connections - displays the IP connections currently
being tracked by the firewall.
shorewall show tc - displays information about the traffic
control/shaping configuration.
shorewall show zones - displays the contents of all zones.
shorewall show [ -f ] capabilities - displays your kernel/iptables capabilities. When \"-f\" is
specified, then the output is suitable for use as /etc/shorewall/capabilities.
shorewall show ip - produces output equivalent to 'ip addr ls'
shorewall show routing - produces a report about routing rules and tables.
shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
;;
start)
echo "start: start [ -f ] [ -n ] [ <configuration-directory> ]
Start shorewall. Existing connections through shorewall managed
interfaces are untouched. New connections will be allowed only
if they are allowed by the firewall rules or policies.
If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
in shorewall.conf will be restored if that saved configuration exists. In that
case, a <configuration-directory> may not be specified.
If \"-n\" is specified, no changes to routing will be made."
;;
stop)
echo "stop: stop
Stops the firewall. All existing connections, except those
listed in /etc/shorewall/routestopped, are taken down.
The only new traffic permitted through the firewall
is from systems listed in /etc/shorewall/routestopped."
;;
status)
echo "status: status
shorewall status
Displays the Shorewall status (running/not-running).
Also displays the Shorewall state as shown in the state diagram at
http://www.shorewall.net/starting_and_stopping_shorewall. The time and
date when that state was reached is also displayed."
;;
trace)
echo "trace: trace
If you include the keyword trace as the first argument to any
of these commands:
start|stop|restart|reset|clear|refresh|check|add|delete|compile
then a shell trace of the command is produced. For example:
shorewall trace start 2> /tmp/trace
The above command would trace the 'start' command and
place the trace information in the file /tmp/trace.
The word 'debug' is a synonym for 'trace'."
;;
try)
echo "try: try [ -n ] <configuration-directory> [ <timeout> ]
Restart shorewall using the specified configuration. If an error
occurs during the restart, then another shorewall restart is performed
using the default configuration. If a timeout is specified then
the restart is always performed after the timeout occurs and uses
the default configuration.
The \"-n\" option will be passed down to the underlying commands (see
'start', 'restart' and 'restore')"
;;
version)
echo "version: version
Show the current shorewall version which is: $version"
;;
*)
echo "$1: $1 is not recognized by the help command"
;;
esac
exit 0 # always ok

@ -295,12 +295,6 @@ install_file compiler ${PREFIX}/usr/share/shorewall/compiler 0555
echo echo
echo "Compiler installed in ${PREFIX}/usr/share/shorewall/compiler" echo "Compiler installed in ${PREFIX}/usr/share/shorewall/compiler"
# Install the Help file
#
install_file help ${PREFIX}/usr/share/shorewall/help 0555
echo "Help command executor installed in ${PREFIX}/usr/share/shorewall/help"
# #
# Install the policy file # Install the policy file
# #

@ -355,7 +355,7 @@ show_routing() {
# Show Command Executor # Show Command Executor
# #
show_command() { show_command() {
local finished=0 local finished=0 local table=filter
while [ $finished -eq 0 -a $# -gt 0 ]; do while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1 option=$1
@ -385,6 +385,21 @@ show_command() {
FILEMODE=Yes FILEMODE=Yes
option=${option#f} option=${option#f}
;; ;;
t)
[ $# -eq 1 ] && usage 1
case $2 in
mangle|nat|filter)
table=$2
;;
*)
fatal_error "Invalid table name ($s)"
;;
esac
option=
shift
;;
*) *)
usage 1 usage 1
;; ;;
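Review bot: In the t) branch the error path prints $s, which is not set anywhere in the lines shown, so the message comes out as "Invalid table name ()". It should report the rejected argument: fatal_error "Invalid table name ($2)". Also, option= throws away any letters bundled after t (for example -tx), so -t only works as the last letter of an option group; handle the remainder or document that restriction.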
@ -528,10 +543,10 @@ show_command() {
show_reset show_reset
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then
for chain in $*; do for chain in $*; do
$IPTABLES -L $chain $IPT_OPTIONS $IPTABLES -t $table -L $chain $IPT_OPTIONS
done done
else else
$IPTABLES -L $IPT_OPTIONS $IPTABLES -t $table -L $IPT_OPTIONS
fi fi
;; ;;
esac esac
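Review bot: $table is applied only in this chain-listing branch, yet -t is parsed before the subcommand is known, so as far as this diff shows something like "show -t nat connections" accepts the option and then ignores it. Either reject -t when the argument is one of the keyword subcommands or state in the usage text that it applies to chain listings only.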
@ -715,15 +730,6 @@ restore_command() {
fi fi
} }
#
# Help information
#
help()
{
[ -x $HELP ] && { export version; exec $HELP $*; }
echo "Help subsystem is not installed at $HELP"
}
# #
# Display the time that the counters were last reset # Display the time that the counters were last reset
# #
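Review bot: Removing help() leaves $HELP without a user in the lines shown, and no hunk in this commit removes its assignment. If HELP is still set somewhere in the CLI script or its configuration, drop it in the same change so nothing points at a file that is no longer installed.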

@ -31,7 +31,7 @@ Shorewall 3.3.6
Please see the "Migration Considerations" below for additional upgrade Please see the "Migration Considerations" below for additional upgrade
information. information.
Problems Corrected in 3.3.5 Problems Corrected in 3.3.6
None. None.
@ -40,6 +40,9 @@ Other Changes in 3.3.6
1) Now that the manpages are in place, /etc/shorewall/Documentation 1) Now that the manpages are in place, /etc/shorewall/Documentation
has been removed. has been removed.
Command-specific help has also been removed since it duplicates
information in the man pages.
Migration Considerations: Migration Considerations:
1) Shorewall supports the notion of "default actions". A default 1) Shorewall supports the notion of "default actions". A default

@ -861,7 +861,7 @@ export_command() # $* = original arguments less the command.
target=$2 target=$2
;; ;;
*) *)
fatal_error "ERROR: Invalid command syntax (\"shorewall help export\" for help)" fatal_error "ERROR: Invalid command syntax (\"man shorewall\" for help)"
;; ;;
esac esac
@ -900,7 +900,7 @@ usage() # $1 = exit status
echo " dump [ -x ]" echo " dump [ -x ]"
echo " export [ <directory1> ] [<user>@]<system>:[<directory2>]" echo " export [ <directory1> ] [<user>@]<system>:[<directory2>]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help [ <command > | host | address ]" echo " help"
echo " hits" echo " hits"
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }" echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
echo " ipdecimal { <address> | <integer> }" echo " ipdecimal { <address> | <integer> }"
@ -916,7 +916,7 @@ usage() # $1 = exit status
echo " restart [ -n ] [ <directory> ]" echo " restart [ -n ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [-f] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]" echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle|nat} ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|ip|log|macros|mangle|nat|routing|tc|zones]"
echo " start [ -f ] [ -n ] [ <directory> ]" echo " start [ -f ] [ -n ] [ <directory> ]"
echo " stop" echo " stop"
echo " status" echo " status"
@ -1456,8 +1456,7 @@ case "$COMMAND" in
;; ;;
help) help)
shift shift
[ $# -ne 1 ] && usage 1 usage
help $@
;; ;;
safe-restart|safe-start) safe-restart|safe-start)
shift shift

@ -112,7 +112,6 @@ fi
%attr(0555,root,root) /usr/share/shorewall/compiler %attr(0555,root,root) /usr/share/shorewall/compiler
%attr(0555,root,root) /usr/share/shorewall/firewall %attr(0555,root,root) /usr/share/shorewall/firewall
%attr(0777,root,root) /usr/share/shorewall/functions %attr(0777,root,root) /usr/share/shorewall/functions
%attr(0555,root,root) /usr/share/shorewall/help
%attr(0444,root,root) /usr/share/shorewall/lib.accounting %attr(0444,root,root) /usr/share/shorewall/lib.accounting
%attr(0444,root,root) /usr/share/shorewall/lib.actions %attr(0444,root,root) /usr/share/shorewall/lib.actions
%attr(0444,root,root) /usr/share/shorewall/lib.base %attr(0444,root,root) /usr/share/shorewall/lib.base

@ -70,10 +70,6 @@
<arg>-options</arg> <arg>-options</arg>
<command>help</command> <command>help</command>
<group>
<arg choice="plain">command</arg>
</group>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -187,6 +183,9 @@
<arg><option>-x</option></arg> <arg><option>-x</option></arg>
<arg><option>-t</option>
{<option>filter</option>|<option>mangle</option>|<option>nat</option>}</arg>
<arg rep="repeat">chain</arg> <arg rep="repeat">chain</arg>
</cmdsynopsis> </cmdsynopsis>
@ -406,9 +405,7 @@
<term><emphasis role="bold">help</emphasis></term> <term><emphasis role="bold">help</emphasis></term>
<listitem> <listitem>
<para>Displays information about a particular <para>Displays a syntax summary.</para>
<emphasis>command</emphasis>. If no <emphasis>command</emphasis> is
given, a syntax summary is displayed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -541,6 +538,11 @@
iptables and causes actual packet and byte counts to be iptables and causes actual packet and byte counts to be
displayed. Without this option, those counts are displayed. Without this option, those counts are
abbreviated.</para> abbreviated.</para>
<para>The <emphasis role="bold">-t</emphasis> option
designates the Netfilter table to be displayed. Without that
option, the <emphasis role="bold">filter</emphasis> table is
assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

@ -136,10 +136,6 @@
<arg>-options</arg> <arg>-options</arg>
<command>help</command> <command>help</command>
<group>
<arg choice="plain">command</arg>
</group>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -606,9 +602,7 @@
<term><emphasis role="bold">help</emphasis></term> <term><emphasis role="bold">help</emphasis></term>
<listitem> <listitem>
<para>Displays information about a particular <para>Displays a syntax summary.</para>
<emphasis>command</emphasis>. If no <emphasis>command</emphasis> is
given, a syntax summary is displayed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
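Review bot: This man page's hunks change only the help entries; the -t synopsis argument and the paragraph describing it, both added in the preceding man page diff, have no counterpart here. If show -t is available in this program too, add the same two pieces so the two man pages agree.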