forked from extern/shorewall_code
Fix 'status' command in /usr/share/shorewall/firewall; try to make release notes clearer
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2429 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
989e1e87a5
commit
48502e75bb
@ -8758,9 +8758,18 @@ case "$COMMAND" in
|
||||
|
||||
status)
|
||||
[ $# -ne 1 ] && usage
|
||||
do_initialize
|
||||
echo "Shorewall-$version Status at $HOSTNAME - $(date)"
|
||||
echo
|
||||
$IPTABLES -L -n -v
|
||||
if chain_exists shorewall; then
|
||||
echo "Shorewall is started"
|
||||
echo
|
||||
[ -f /var/lib/shorewall/restarted ] && \
|
||||
echo "Counters reset $(cat /var/lib/shorewall/restarted)" && \
|
||||
echo
|
||||
else
|
||||
echo "Shorewall is not started"
|
||||
fi
|
||||
;;
|
||||
|
||||
reset)
|
||||
|
||||
@ -31,7 +31,24 @@ Migration Considerations:
|
||||
2) The "DISPLAY" and "COMMENTS" columns in the /etc/shorewall/zones
|
||||
file have been removed and have been replaced by the former
|
||||
columns of the /etc/shorewall/ipsec file. The latter file has been
|
||||
removed. As a result, the columns in the /etc/shorewall/zones file
|
||||
removed.
|
||||
|
||||
To attempt to adhere to the principle of least astonishment, the
|
||||
old /etc/shorewall/ipsec file will continue to be supported. A new
|
||||
IPSECFILE variable in /etc/shorewall/shorewall.conf determines the
|
||||
name of the file that Shorewall looks in for IPSEC information. If
|
||||
that variable is not set or is set to the empty value then
|
||||
IPSECFILE=ipsec is assumed. So if you simply upgrade and don't do
|
||||
something idiotic like replace your current shorewall.conf file with
|
||||
the new one, your old configuration will continue to work. A dummy
|
||||
'ipsec' file is included in the release so that your package manager
|
||||
(e.g., rpm) won't remove your existing file.
|
||||
|
||||
The shorewall.conf file included in this release sets
|
||||
IPSECFILE=zones so that new users are expected to use the new zone
|
||||
file format.
|
||||
|
||||
As a result, the columns in the /etc/shorewall/zones file
|
||||
are now as follows:
|
||||
|
||||
ZONE Short name of the zone (5 Characters or less in
|
||||
@ -95,21 +112,6 @@ Migration Considerations:
|
||||
THE ORDER OF THE ENTRIES IN THIS FILE IS IMPORTANT IF YOU HAVE
|
||||
NESTED OR OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts.
|
||||
|
||||
To attempt to adhere to the principle of least astonishment, the
|
||||
old /etc/shorewall/ipsec file will continue to be supported. A new
|
||||
IPSECFILE variable in /etc/shorewall/shorewall.conf determines the
|
||||
name of the file that Shorewall looks in for IPSEC information. If
|
||||
that variable is not set or is set to the empty value then
|
||||
IPSECFILE=ipsec is assumed. So if you simply upgrade and don't do
|
||||
something idiotic like replace your current shorewall.conf file with
|
||||
the new one, your old configuration will continue to work. A dummy
|
||||
'ipsec' file is included in the release so that your package manager
|
||||
(e.g., rpm) won't remove your existing file.
|
||||
|
||||
The shorewall.conf file included in this release sets
|
||||
IPSECFILE=zones so that new users are expected to use the new zone
|
||||
file format.
|
||||
|
||||
|
||||
3) The DROPINVALID option has been removed from shorewall.conf. The
|
||||
behavior will be as if DROPINVALID=No had been specified. If you
|
||||
|
||||
Loading…
Reference in New Issue
Block a user