Add 'shorewall show config' command to display distribution-specific defaults
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4130 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
3cd962fc61
commit
fb89790044
@ -205,7 +205,7 @@ save)
|
||||
;;
|
||||
|
||||
show)
|
||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|macros|mangle|nat|tc|zones]
|
||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|config|connections|log|macros|mangle|nat|tc|zones]
|
||||
|
||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||
(iptables -L chain -n -v)
|
||||
@ -229,6 +229,8 @@ show)
|
||||
|
||||
shorewall show capabilities - displays your kernel/iptables capabilities
|
||||
|
||||
shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
|
@ -683,81 +683,86 @@ show_command() {
|
||||
|
||||
[ -n "$debugging" ] && set -x
|
||||
case "$1" in
|
||||
connections)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Connections at $HOSTNAME - $(date)"
|
||||
echo
|
||||
cat /proc/net/ip_conntrack
|
||||
;;
|
||||
nat)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version NAT Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t nat -L $IPT_OPTIONS
|
||||
;;
|
||||
tos|mangle)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Mangle Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t mangle -L $IPT_OPTIONS
|
||||
;;
|
||||
log)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Log at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
packet_log 20
|
||||
;;
|
||||
tc)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Traffic Control at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_tc
|
||||
;;
|
||||
classifiers)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Clasifiers at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_classifiers
|
||||
;;
|
||||
zones)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
if [ -f ${VARDIR}/zones ]; then
|
||||
echo "Shorewall Lite $version Zones at $HOSTNAME - $(date)"
|
||||
connections)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Connections at $HOSTNAME - $(date)"
|
||||
echo
|
||||
while read zone type hosts; do
|
||||
echo "$zone ($type)"
|
||||
for host in $hosts; do
|
||||
echo " $host"
|
||||
cat /proc/net/ip_conntrack
|
||||
;;
|
||||
nat)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version NAT Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t nat -L $IPT_OPTIONS
|
||||
;;
|
||||
tos|mangle)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Mangle Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t mangle -L $IPT_OPTIONS
|
||||
;;
|
||||
log)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Log at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
packet_log 20
|
||||
;;
|
||||
tc)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Traffic Control at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_tc
|
||||
;;
|
||||
classifiers)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall Lite $version Clasifiers at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_classifiers
|
||||
;;
|
||||
zones)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
if [ -f ${VARDIR}/zones ]; then
|
||||
echo "Shorewall Lite $version Zones at $HOSTNAME - $(date)"
|
||||
echo
|
||||
while read zone type hosts; do
|
||||
echo "$zone ($type)"
|
||||
for host in $hosts; do
|
||||
echo " $host"
|
||||
done
|
||||
done < ${VARDIR}/zones
|
||||
echo
|
||||
else
|
||||
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
capabilities)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
determine_capabilities
|
||||
VERBOSE=2
|
||||
report_capabilities
|
||||
;;
|
||||
config)
|
||||
. ${SHAREDIR}/configpath
|
||||
echo "Default CONFIG_PATH is $CONFIG_PATH"
|
||||
echo "LITEDIR is $LITEDIR"
|
||||
;;
|
||||
*)
|
||||
echo "Shorewall Lite $version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
if [ $# -gt 0 ]; then
|
||||
for chain in $*; do
|
||||
$IPTABLES -L $chain $IPT_OPTIONS
|
||||
done
|
||||
done < ${VARDIR}/zones
|
||||
echo
|
||||
else
|
||||
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
capabilities)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
determine_capabilities
|
||||
VERBOSE=2
|
||||
report_capabilities
|
||||
;;
|
||||
*)
|
||||
echo "Shorewall Lite $version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
if [ $# -gt 0 ]; then
|
||||
for chain in $*; do
|
||||
$IPTABLES -L $chain $IPT_OPTIONS
|
||||
done
|
||||
else
|
||||
$IPTABLES -L $IPT_OPTIONS
|
||||
fi
|
||||
;;
|
||||
else
|
||||
$IPTABLES -L $IPT_OPTIONS
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
#
|
||||
@ -977,7 +982,7 @@ usage() # $1 = exit status
|
||||
echo " restart [ -n ] [ <directory> ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|mangle|nat|tc|zones]"
|
||||
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|log|mangle|nat|tc|zones]"
|
||||
echo " start [ -f ] [ -n ] [ <directory> ]"
|
||||
echo " stop"
|
||||
echo " status"
|
||||
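Review bot: The new `config)` arm of show_command is the only named arm without the `[ $# -gt 1 ] && usage 1` guard, so `show config <anything>` is accepted silently instead of printing usage; add that line first in the arm. The arm also sources `${SHAREDIR}/configpath` with no existence check, and since `.` is a special builtin a missing file will probably end the script with only the shell's own message; a guard in the style of the zones arm, `[ -f ${SHAREDIR}/configpath ] || { echo " ERROR: ${SHAREDIR}/configpath does not exist" >&2; exit 1; }`, would keep the error consistent. Because that file is executed rather than parsed, normally as root, a short comment that it must stay root-owned and not group- or world-writable would help packagers. The same arm is added to the full Shorewall script's show_command in the later section of this page and has the same two gaps; show_command itself begins above the hunk.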
|
@ -308,7 +308,7 @@ save)
|
||||
;;
|
||||
|
||||
show)
|
||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|macros|mangle|nat|tc|zones]
|
||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|config|connections|log|macros|mangle|nat|tc|zones]
|
||||
|
||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||
(iptables -L chain -n -v)
|
||||
@ -336,6 +336,8 @@ show)
|
||||
|
||||
shorewall show capabilities - displays your kernel/iptables capabilities
|
||||
|
||||
shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
|
@ -889,105 +889,110 @@ show_command() {
|
||||
|
||||
[ -n "$debugging" ] && set -x
|
||||
case "$1" in
|
||||
connections)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Connections at $HOSTNAME - $(date)"
|
||||
echo
|
||||
cat /proc/net/ip_conntrack
|
||||
;;
|
||||
nat)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version NAT Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t nat -L $IPT_OPTIONS
|
||||
;;
|
||||
tos|mangle)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Mangle Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t mangle -L $IPT_OPTIONS
|
||||
;;
|
||||
log)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Log at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
packet_log 20
|
||||
;;
|
||||
tc)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Traffic Control at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_tc
|
||||
;;
|
||||
classifiers)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Clasifiers at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_classifiers
|
||||
;;
|
||||
zones)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
if [ -f ${VARDIR}/zones ]; then
|
||||
echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
|
||||
connections)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Connections at $HOSTNAME - $(date)"
|
||||
echo
|
||||
while read zone type hosts; do
|
||||
echo "$zone ($type)"
|
||||
for host in $hosts; do
|
||||
echo " $host"
|
||||
done
|
||||
done < ${VARDIR}/zones
|
||||
cat /proc/net/ip_conntrack
|
||||
;;
|
||||
nat)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version NAT Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
else
|
||||
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
capabilities)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
determine_capabilities
|
||||
VERBOSE=2
|
||||
report_capabilities
|
||||
;;
|
||||
actions)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "allowBcast # Silently Allow Broadcast/multicast"
|
||||
echo "dropBcast # Silently Drop Broadcast/multicast"
|
||||
echo "dropNotSyn # Silently Drop Non-syn TCP packets"
|
||||
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
||||
echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state"
|
||||
echo "allowInvalid # Accept packets that are in the INVALID conntrack state."
|
||||
echo "allowoutUPnP # Allow traffic from local command 'upnpd'"
|
||||
echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic"
|
||||
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
||||
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
|
||||
;;
|
||||
macros)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
for macro in ${SHAREDIR}/macro.*; do
|
||||
foo=`grep 'This macro' $macro | head -n 1`
|
||||
if [ -n "$foo" ]; then
|
||||
macro=${macro#*.}
|
||||
foo=${foo%.*}
|
||||
echo " $macro ${foo#\#}" | sed 's/This macro //'
|
||||
show_reset
|
||||
$IPTABLES -t nat -L $IPT_OPTIONS
|
||||
;;
|
||||
tos|mangle)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Mangle Table at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
$IPTABLES -t mangle -L $IPT_OPTIONS
|
||||
;;
|
||||
log)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Log at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
packet_log 20
|
||||
;;
|
||||
tc)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Traffic Control at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_tc
|
||||
;;
|
||||
classifiers)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "Shorewall-$version Clasifiers at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_classifiers
|
||||
;;
|
||||
zones)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
if [ -f ${VARDIR}/zones ]; then
|
||||
echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
|
||||
echo
|
||||
while read zone type hosts; do
|
||||
echo "$zone ($type)"
|
||||
for host in $hosts; do
|
||||
echo " $host"
|
||||
done
|
||||
done < ${VARDIR}/zones
|
||||
echo
|
||||
else
|
||||
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
;;
|
||||
*)
|
||||
echo "Shorewall-$version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
if [ $# -gt 0 ]; then
|
||||
for chain in $*; do
|
||||
$IPTABLES -L $chain $IPT_OPTIONS
|
||||
;;
|
||||
capabilities)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
determine_capabilities
|
||||
VERBOSE=2
|
||||
report_capabilities
|
||||
;;
|
||||
actions)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
echo "allowBcast # Silently Allow Broadcast/multicast"
|
||||
echo "dropBcast # Silently Drop Broadcast/multicast"
|
||||
echo "dropNotSyn # Silently Drop Non-syn TCP packets"
|
||||
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
||||
echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state"
|
||||
echo "allowInvalid # Accept packets that are in the INVALID conntrack state."
|
||||
echo "allowoutUPnP # Allow traffic from local command 'upnpd'"
|
||||
echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic"
|
||||
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
||||
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
|
||||
;;
|
||||
macros)
|
||||
[ $# -gt 1 ] && usage 1
|
||||
for macro in ${SHAREDIR}/macro.*; do
|
||||
foo=`grep 'This macro' $macro | head -n 1`
|
||||
if [ -n "$foo" ]; then
|
||||
macro=${macro#*.}
|
||||
foo=${foo%.*}
|
||||
echo " $macro ${foo#\#}" | sed 's/This macro //'
|
||||
fi
|
||||
done
|
||||
else
|
||||
$IPTABLES -L $IPT_OPTIONS
|
||||
fi
|
||||
;;
|
||||
;;
|
||||
config)
|
||||
. ${SHAREDIR}/configpath
|
||||
echo "Default CONFIG_PATH is $CONFIG_PATH"
|
||||
echo "LITEDIR is $LITEDIR"
|
||||
;;
|
||||
*)
|
||||
echo "Shorewall-$version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
||||
echo
|
||||
show_reset
|
||||
if [ $# -gt 0 ]; then
|
||||
for chain in $*; do
|
||||
$IPTABLES -L $chain $IPT_OPTIONS
|
||||
done
|
||||
else
|
||||
$IPTABLES -L $IPT_OPTIONS
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
}
|
||||
#
|
||||
@ -1347,7 +1352,7 @@ usage() # $1 = exit status
|
||||
echo " restart [ -n ] [ <directory> ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
|
||||
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|log|macros|mangle|nat|tc|zones]"
|
||||
echo " start [ -f ] [ -n ] [ <directory> ]"
|
||||
echo " stop"
|
||||
echo " status"
|
||||
|
@ -339,7 +339,8 @@ MODULESDIR=
|
||||
# to the front of this list.
|
||||
#
|
||||
# If not specified or specified as null ("CONFIG_PATH=""),
|
||||
# CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
|
||||
# the default is distribution-defined. See the output of "shorewall show
|
||||
# config" to find the default value on your distribution.
|
||||
#
|
||||
|
||||
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
||||
|
@ -247,9 +247,16 @@
|
||||
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||
from shorewall.net. The package maintainers for the various
|
||||
distributions are free to choose the directory where the script
|
||||
will be stored under their distribution. You can look in your
|
||||
/usr/share/shorewall/configpath file to see what your
|
||||
distribution defines for the value of LITEDIR.</para>
|
||||
will be stored under their distribution. See the output of
|
||||
<command>shorewall[-lite] show config</command> for the value of
|
||||
LITEDIR on your distribution.</para>
|
||||
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||
LITEDIR is /var/lib/shorewall-lite
|
||||
gateway:~ #</programlisting>
|
||||
</note>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
@ -398,6 +405,23 @@
|
||||
<programlisting><command>cd <configuration directory></command>
|
||||
<command>/sbin/shorewall compile -e . firewall</command>
|
||||
<command>scp firewall root@<firewall system>:/var/lib/shorewall-lite/</command></programlisting>
|
||||
|
||||
<note>
|
||||
<para>The 'firewall' script is in <filename
|
||||
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||
from shorewall.net. The package maintainers for the various
|
||||
distributions are free to choose the directory where the script
|
||||
will be stored under their distribution. See the output of
|
||||
<command>shorewall[-lite] show config</command> for the value of
|
||||
LITEDIR on your distribution.</para>
|
||||
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||
LITEDIR is /var/lib/shorewall-lite
|
||||
gateway:~ #</programlisting>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -433,10 +457,13 @@
|
||||
<programlisting>teastep@wookie:~$ <command>cd Configs/gateway</command>
|
||||
teastep@wookie:~/Configs/gateway$ <command>/sbin/shorewall reload gateway</command>
|
||||
Compiling...
|
||||
Shorewall configuration compiled to firewall
|
||||
firewall 100% 29KB 29.3KB/s 00:00
|
||||
Shorewall configuration compiled to ./firewall
|
||||
Copying ./firewall to gateway:/var/lib/shorewall-lite...
|
||||
firewall 100% 67KB 66.7KB/s 00:00
|
||||
Copy complete
|
||||
Restarting Shorewall Lite....
|
||||
done.
|
||||
System gateway reloaded
|
||||
teastep@wookie:~/Configs/gateway$</programlisting>
|
||||
</blockquote>
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>2006-06-12</pubdate>
|
||||
<pubdate>2006-06-17</pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2006</year>
|
||||
@ -3058,8 +3058,9 @@ $FW chld ACCEPT</programlisting>
|
||||
<filename>/usr/share/shorewall/configpath</filename> are used. As
|
||||
released from shorewall.net, that file sets the CONFIG_PATH to
|
||||
<emphasis role="bold">/etc/shorewall:/usr/share/shorewall
|
||||
</emphasis>but your particular distribution may set it
|
||||
differently.</para>
|
||||
</emphasis>but your particular distribution may set it differently.
|
||||
See the output of <command>shorewall show config</command> for the
|
||||
default on your system.</para>
|
||||
|
||||
<para>Note that the setting in
|
||||
<filename>/usr/share/shorewall/configpath</filename> is always used
|
||||
|
@ -166,6 +166,23 @@
|
||||
firewall program. The program is generated using the
|
||||
<command>shorewall compile -e</command> command on a system with the
|
||||
full Shorewall product installed.</para>
|
||||
|
||||
<note>
|
||||
<para>The 'firewall' script is in <filename
|
||||
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||
from shorewall.net. The package maintainers for the various
|
||||
distributions are free to choose the directory where the script will
|
||||
be stored under their distribution. See the output of
|
||||
<command>shorewall[-lite] show config</command> for the value of
|
||||
LITEDIR on your distribution.</para>
|
||||
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||
LITEDIR is /var/lib/shorewall-lite
|
||||
gateway:~ #</programlisting>
|
||||
</note>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
@ -982,9 +999,16 @@
|
||||
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||
from shorewall.net. The package maintainers for the various
|
||||
distributions are free to choose the directory where the script
|
||||
will be stored under their distribution. You can look in your
|
||||
/usr/share/shorewall/configpath file to see what your distribution
|
||||
defines for the value of LITEDIR.</para>
|
||||
will be stored under their distribution. See the output of
|
||||
<command>shorewall[-lite] show config</command> for the value of
|
||||
LITEDIR on your distribution.</para>
|
||||
|
||||
<para>Example:</para>
|
||||
|
||||
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||
LITEDIR is /var/lib/shorewall-lite
|
||||
gateway:~ #</programlisting>
|
||||
</note>
|
||||
|
||||
<para>Example: <command>shorewall reload gateway</command></para>
|
||||
@ -1128,6 +1152,9 @@
|
||||
displays information about the traffic control/shaping
|
||||
classifiers.</para>
|
||||
|
||||
<para><command>shorewall[-lite] show config</command> - displays the
|
||||
default CONFIG_PATH and LITEDIR for your distribution.</para>
|
||||
|
||||
<para><command>shorewall [ -x ] show macros (Not supported by
|
||||
Shorewall Lite)</command> — produces a list of macros available on
|
||||
the system.</para>
|
||||
|