diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml index 54936f874..1eb0861f1 100644 --- a/docs/shorewall_extension_scripts.xml +++ b/docs/shorewall_extension_scripts.xml @@ -200,6 +200,27 @@ esac with dhclient on several distributions are available at http://www.shorewall.net/pub/shorewall/contrib/findgw/ + + + scfilter -- Added in Shorewall 4.4.14. + Unlike the other scripts, this script is executed by the command line + tools (/sbin/shorewall, + /sbin/shorewall6, etc) and can be used to + reformat the output of the show connections + command. The connection information is piped through this script so + that the script can drop information, add information or alter the + format of the information. When using Shorewall Lite or Shorewall6 + Lite, the script is copied into the generated firewall script and is + extracted into /var/lib/shorewall-lite (/var/lib/shorewall6-lite) + where /sbin/shorewall-lite (/sbin/shorewall6-lite) can find it. After + you have generated a new firewall script and copied the script to a + firewall system, you must start (or restart) the firewall in order to + install a new scfilter script. The default script is as follows and + simply pipes the output through unaltered. + + #! /bin/sh +cat - + If your version of Shorewall doesn't have the @@ -288,6 +309,12 @@ esac save + + scfilter + + show connections + + start @@ -512,6 +539,12 @@ esac restored + + + + + scfilter +