diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 11f431a75..99c60c1f1 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -1012,8 +1012,7 @@ show_command() {
case "$1" in
connections)
- [ $# -gt 1 ] && usage 1
-
+ show_connections
if [ $g_family -eq 4 ]; then
if [ -d /proc/sys/net/netfilter/ ]; then
local count
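Review bot: The `show_connections` call added as the first line of the `connections)` arm has no definition in any visible hunk; only `show_connections_filter` appears. It is invoked with no arguments, and the existing display logic still runs after it. If the function is not defined elsewhere in lib.cli, every `show connections` would print a command-not-found error ahead of the table, and if it is defined, the table may be printed twice. It is worth confirming that this line is intended and not a leftover. The body of show_command starts and ends outside the hunk.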
@@ -1028,8 +1027,10 @@ show_command() {
echo
if qt mywhich conntrack ; then
- conntrack -f ipv${g_family} -L | show_connections_filter
+ shift
+ conntrack -f ipv4 -L $@ | show_connections_filter
else
+ [ $# -gt 1 ] && usage 1
if [ -f /proc/net/ip_conntrack ]; then
cat /proc/net/ip_conntrack | show_connections_filter
else
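Review bot: The new `conntrack -f ipv4 -L $@` line expands `$@` unquoted, so each user-supplied filter argument is word-split and glob-expanded against the current directory before conntrack sees it. It should read `conntrack -f ipv4 -L "$@" | show_connections_filter`, and the `conntrack -f ipv6 -L $@` line in the next hunk needs the same change. Everything after `connections` is also forwarded unvalidated to a tool that normally runs as root. Either confirm that conntrack refuses a further command option once `-L` is given, or accept only the documented filter options here.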
@@ -1037,10 +1038,12 @@ show_command() {
fi
fi
elif qt mywhich conntrack ; then
+ shift
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
echo
- conntrack -f ipv6 -L | show_connections_filter
+ conntrack -f ipv6 -L $@ | show_connections_filter
else
+ [ $# -gt 1 ] && usage 1
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
@@ -1544,7 +1547,9 @@ do_dump_command() {
heading "Conntrack Table"
fi
- if [ $g_family -eq 4 ]; then
+ if qt mywhich conntrack; then
+ conntrack -f ipv${g_family} -L 2> /dev/null
+ elif [ $g_family -eq 4 ]; then
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack
else
grep '^ipv6' /proc/net/nf_conntrack
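Review bot: On the new `conntrack -f ipv${g_family} -L 2> /dev/null` line, a failing conntrack leaves the "Conntrack Table" section of the dump silently empty, because stderr is discarded and the exit status is not checked. The /proc fallbacks in the `elif`/`else` branches are also never reached once the binary is installed. The redirect presumably hides the entry-count summary conntrack writes to stderr; a comment such as `# conntrack writes its summary line to stderr; drop it` would record that. Falling back to the /proc readers when the command returns non-zero would stop a dump used for diagnosis from under-reporting tracked connections. The body of do_dump_command starts and ends outside the hunk.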
diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml
index 80287adbe..5f806bd63 100644
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -1243,11 +1243,19 @@
- connections
+ connections
+ [filter_parameter
+ ...]
Displays the IP connections currently being tracked by
the firewall.
+
+ If the conntrack utility is
+ installed, beginning with Shorewall 4.6.11 the set of
+ connections displayed can be limited by including conntrack
+ filter parameters (-p , -s, --dport, etc). See conntrack(8)
+ for details.
diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml
index c055a075d..1897d3067 100644
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@@ -1931,11 +1931,19 @@
- connections
+ connections
+ [filter_parameter
+ ...]
Displays the IP connections currently being tracked by
the firewall.
+
+ If the conntrack utility is
+ installed, beginning with Shorewall 4.6.11 the set of
+ connections displayed can be limited by including conntrack
+ filter parameters (-p , -s, --dport, etc). See conntrack(8)
+ for details.
diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml
index 72bb58971..a411fd08e 100644
--- a/Shorewall6-lite/manpages/shorewall6-lite.xml
+++ b/Shorewall6-lite/manpages/shorewall6-lite.xml
@@ -1216,11 +1216,19 @@
- connections
+ connections
+ [filter_parameter
+ ...]
Displays the IP connections currently being tracked by
the firewall.
+
+ If the conntrack utility is
+ installed, beginning with Shorewall 4.6.11 the set of
+ connections displayed can be limited by including conntrack
+ filter parameters (-p , -s, --dport, etc). See conntrack(8)
+ for details.
diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml
index c5dbf92cd..b7e851568 100644
--- a/Shorewall6/manpages/shorewall6.xml
+++ b/Shorewall6/manpages/shorewall6.xml
@@ -1817,11 +1817,19 @@
- connections
+ connections
+ [filter_parameter
+ ...]
Displays the IP connections currently being tracked by
the firewall.
+
+ If the conntrack utility is
+ installed, beginning with Shorewall 4.6.11 the set of
+ connections displayed can be limited by including conntrack
+ filter parameters (-p , -s, --dport, etc). See conntrack(8)
+ for details.