Add 'show capabilities'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2052 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
d5752af95d
commit
134019c40e
@ -15,6 +15,8 @@ Changes in 2.2.4
|
||||
|
||||
7) Add support for SAME
|
||||
|
||||
8) Add 'shorewall show capabilities'
|
||||
|
||||
Changes in 2.2.3
|
||||
|
||||
1) Added the 'continue' extension script.
|
||||
|
@ -2826,6 +2826,12 @@ check_config() {
|
||||
[ -n "$PHYSDEV_MATCH" ] || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables"
|
||||
fi
|
||||
|
||||
[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=
|
||||
|
||||
if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]; then
|
||||
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
|
||||
fi
|
||||
|
||||
echo "Determining Zones..."
|
||||
|
||||
determine_zones
|
||||
@ -5743,6 +5749,11 @@ initialize_netfilter () {
|
||||
[ -n "$PHYSDEV_MATCH" ] || startup_error "BRIDGING=Yes requires Physdev Match support in your Kernel and iptables"
|
||||
fi
|
||||
|
||||
[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=
|
||||
|
||||
if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]; then
|
||||
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
|
||||
fi
|
||||
|
||||
[ -n "$RFC1918_STRICT" -a -z "$CONNTRACK_MATCH" ] && \
|
||||
startup_error "RFC1918_STRICT=Yes requires Connection Tracking match"
|
||||
@ -7562,12 +7573,6 @@ do_initialize() {
|
||||
LOGTAGONLY=$(added_param_value_no LOGTAGONLY $LOGTAGONLY)
|
||||
DROPINVALID=$(added_param_value_yes DROPINVALID $DROPINVALID)
|
||||
RFC1918_STRICT=$(added_param_value_no RFC1918_STRICT $RFC1918_STRICT)
|
||||
|
||||
[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=
|
||||
|
||||
if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]; then
|
||||
startup_error "MACLIST_TTL requires the Recent Match capability which is not present in your Kernel and/or iptables"
|
||||
fi
|
||||
#
|
||||
# Strip the files that we use often
|
||||
#
|
||||
@ -7752,6 +7757,10 @@ case "$COMMAND" in
|
||||
EMPTY=
|
||||
$@
|
||||
;;
|
||||
capabilities)
|
||||
do_initialize
|
||||
report_capabilities
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
|
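Review bot: The `[ "$MACLIST_TTL" = "0" ] && MACLIST_TTL=` normalisation has left do_initialize together with the capability check, so it now runs only inside check_config and initialize_netfilter, as two identical copies. Any command path that goes through do_initialize but neither of those functions (the new `capabilities)` case is one) would see `MACLIST_TTL=0` as a non-empty value; whether such a path reads the variable is not visible from these hunks. Consider keeping the one-line normalisation in do_initialize and moving only the `if [ -n "$MACLIST_TTL" -a -z "$RECENT_MATCH" ]` check, ideally into one shared helper so the two copies cannot drift apart. All three functions start and end outside the hunks shown.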
@ -254,6 +254,8 @@ show)
|
||||
|
||||
shorewall show zones - displays the contents of all zones.
|
||||
|
||||
shorewall show capabilities - displays your kernel/iptables capabilities
|
||||
|
||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||
;;
|
||||
|
||||
|
@ -127,6 +127,30 @@ New Features in version 2.2.4
|
||||
the keyword SAME replacing DNAT. As in the masq file, changing the
|
||||
port number is not supported.
|
||||
|
||||
5) A "shorewall show capabilities" command has been added to report the
|
||||
capabilities of your kernel and iptables.
|
||||
|
||||
Example:
|
||||
|
||||
gateway:~# shorewall show capabilities
|
||||
Loading /usr/share/shorewall/functions...
|
||||
Processing /etc/shorewall/params ...
|
||||
Processing /etc/shorewall/shorewall.conf...
|
||||
Loading Modules...
|
||||
Shorewall has detected the following iptables/netfilter capabilities:
|
||||
NAT: Available
|
||||
Packet Mangling: Available
|
||||
Multi-port Match: Available
|
||||
Extended Multi-port Match: Available
|
||||
Connection Tracking Match: Available
|
||||
Packet Type Match: Not available
|
||||
Policy Match: Available
|
||||
Physdev Match: Available
|
||||
IP range Match: Available
|
||||
Recent Match: Available
|
||||
Owner Match: Available
|
||||
gateway:~#
|
||||
|
||||
-----------------------------------------------------------------------
|
||||
Problems corrected in version 2.2.3
|
||||
|
||||
|
@ -58,6 +58,7 @@
|
||||
# shorewall show {mangle|tos} Display the rules in the mangle table
|
||||
# shorewall show tc Display traffic control info
|
||||
# shorewall show classifiers Display classifiers
|
||||
# shorewall show capabilities Display iptables/kernel capabilities
|
||||
# shorewall version Display the installed version id
|
||||
# shorewall check Verify the more heavily-used
|
||||
# configuration files.
|
||||
@ -537,7 +538,8 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
oldrejects=$($IPTABLES -L -v -n | grep 'LOG')
|
||||
|
||||
if [ $1 -lt 0 ]; then
|
||||
if [ $1 -lt 0 ]; then> -Tom
|
||||
|
||||
timeout=$((- $1))
|
||||
pause="Yes"
|
||||
else
|
||||
@ -616,7 +618,7 @@ usage() # $1 = exit status
|
||||
echo " restart [ <directory> ]"
|
||||
echo " restore [ <file name> ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos|zones]"
|
||||
echo " show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
|
||||
echo " start [ <directory> ]"
|
||||
echo " stop"
|
||||
echo " status"
|
||||
@ -938,6 +940,9 @@ case "$1" in
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
capabilities)
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
|
||||
;;
|
||||
*)
|
||||
shift
|
||||
|
||||
|
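Review bot: The line `if [ $1 -lt 0 ]; then> -Tom` in the logwatch hunk looks like stray text (an e-mail sign-off) pasted into the script. If it is the new side of the change, as the print order and the `-537,7 +538,8` counts suggest, the shell still accepts it: `> -Tom` is a redirection-only command, so every call with a negative timeout creates or truncates a file named `-Tom` in the current directory, with whatever privileges the script runs under. A file name starting with `-` is also liable to be read as an option by later glob-expanded commands. The line should go back to `if [ $1 -lt 0 ]; then` and the extra blank line after it dropped. logwatch's body starts and ends outside the hunk.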