forked from extern/shorewall_code
Make Shorewall quieter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
48d828a03c
commit
5eecd59292
@ -24,3 +24,5 @@ Changes in 3.1.x.
|
||||
11) Fix 'check' bug in setup_masq
|
||||
|
||||
12) Break compiler/firewall into two files
|
||||
|
||||
13) Make Shoreall quiet for a change.
|
||||
|
@ -956,7 +956,7 @@ determine_hosts() {
|
||||
eval ${zone}_hosts="\$hosts"
|
||||
|
||||
if [ -n "$hosts" ]; then
|
||||
[ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts
|
||||
[ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts
|
||||
else
|
||||
error_message "WARNING: Zone $zone is empty"
|
||||
fi
|
||||
@ -6983,7 +6983,7 @@ initialize_netfilter () {
|
||||
|
||||
determine_zones
|
||||
|
||||
if [ $QUIET -lt 2 ]; then
|
||||
if [ $VERBOSE -ge 1 ]; then
|
||||
display_list "IPv4 Zones:" $IPV4_ZONES
|
||||
[ -n "$IPSEC_ZONES" ] && \
|
||||
display_list "IPSEC Zones:" $IPSEC_ZONES
|
||||
@ -8395,7 +8395,7 @@ __EOF__
|
||||
# These variables are required by the library functions called in this script
|
||||
#
|
||||
[ -n \${COMMAND:=restart} ]
|
||||
[ -n \${QUIET:=0} ]
|
||||
[ -n \${VERBOSE:=0} ]
|
||||
MODULESDIR="$MODULESDIR"
|
||||
MODULE_SUFFIX="$MODULE_SUFFIX"
|
||||
LOGLIMIT="$LOGLIMIT"
|
||||
@ -8703,7 +8703,7 @@ do_initialize() {
|
||||
FUNCTIONS=$SHARED_DIR/functions
|
||||
|
||||
if [ -f $FUNCTIONS ]; then
|
||||
[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..."
|
||||
[ $VERBOSE -ge 2 ] && echo "Loading $FUNCTIONS..."
|
||||
. $FUNCTIONS
|
||||
else
|
||||
startup_error "$FUNCTIONS does not exist!"
|
||||
|
@ -1036,7 +1036,7 @@ determine_hosts() {
|
||||
eval ${zone}_hosts="\$hosts"
|
||||
|
||||
if [ -n "$hosts" ]; then
|
||||
[ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts
|
||||
[ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts
|
||||
else
|
||||
error_message "WARNING: Zone $zone is empty"
|
||||
fi
|
||||
@ -7169,7 +7169,7 @@ initialize_netfilter () {
|
||||
|
||||
determine_zones
|
||||
|
||||
if [ $QUIET -lt 2 ]; then
|
||||
if [ $VERBOSE -ge 1 ]; then
|
||||
display_list "IPv4 Zones:" $IPV4_ZONES
|
||||
[ -n "$IPSEC_ZONES" ] && \
|
||||
display_list "IPSEC Zones:" $IPSEC_ZONES
|
||||
@ -8814,7 +8814,7 @@ do_initialize() {
|
||||
FUNCTIONS=$SHARED_DIR/functions
|
||||
|
||||
if [ -f $FUNCTIONS ]; then
|
||||
[ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..."
|
||||
[ $VERBOSE -gt 1 ] && echo "Loading $FUNCTIONS..."
|
||||
. $FUNCTIONS
|
||||
else
|
||||
startup_error "$FUNCTIONS does not exist!"
|
||||
|
@ -67,12 +67,12 @@ list_count() {
|
||||
#
|
||||
progress_message() # $* = Message
|
||||
{
|
||||
[ $QUIET -lt 1 ] && echo "$@"
|
||||
[ $VERBOSE -gt 1 ] && echo "$@"
|
||||
}
|
||||
|
||||
progress_message2() # $* = Message
|
||||
{
|
||||
[ $QUIET -lt 2 ] && echo "$@"
|
||||
[ $VERBOSE -gt 0 ] && echo "$@"
|
||||
}
|
||||
|
||||
#
|
||||
@ -1137,7 +1137,7 @@ report_capability() # $1 = Capability Description , $2 Capability Setting (if an
|
||||
}
|
||||
|
||||
report_capabilities() {
|
||||
if [ $QUIET -lt 2 ]; then
|
||||
if [ $VERBOSE -gt 1 ]; then
|
||||
echo "Shorewall has detected the following iptables/netfilter capabilities:"
|
||||
report_capability "NAT" $NAT_ENABLED
|
||||
report_capability "Packet Mangling" $MANGLE_ENABLED
|
||||
|
@ -22,9 +22,9 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
|
||||
while [ -n "$option" ]; do
|
||||
case $option in
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
option=${option#q}
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
n*)
|
||||
NOROUTES=Yes
|
||||
|
@ -31,6 +31,21 @@ Problems Corrected in 3.1.4
|
||||
1) "shorewall check" generates an error if there are entries in
|
||||
/etc/shorewall/massq.
|
||||
|
||||
New Features added in 3.1.4
|
||||
|
||||
1) The /etc/shorewall/maclist file has a new column layout. The first column is
|
||||
now DISPOSITION. This column determines what to do with matching packets and
|
||||
can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it can also
|
||||
contain REJECT). This change is upward compatible so your existing maclist
|
||||
file can still be used.
|
||||
|
||||
2) Shorewall has always been very noisy (lots of messages). No more. The default
|
||||
is now to be very quiet and you get more detail using the -v option (or -vv if
|
||||
you want the old noisy behavior). The -q option is still supported but only
|
||||
reverses the effect of -v. So "shorewall start -qqvv" is still completely quiet
|
||||
while "shorewall start -vv" gives the same amount of output as the old "shorewall
|
||||
start" did.
|
||||
|
||||
Migration Considerations:
|
||||
|
||||
None.
|
||||
|
@ -279,7 +279,7 @@ packet_log() # $1 = number of messages
|
||||
|
||||
[ -n "$realtail" ] && options="-n$1"
|
||||
|
||||
if [ -n "$VERBOSE" ]; then
|
||||
if [ $VERBOSE -gt 1 ]; then
|
||||
grep "${LOGFORMAT}" $LOGFILE | \
|
||||
sed s/" kernel:"// | \
|
||||
sed s/" $host $LOGFORMAT"/" "/ | \
|
||||
@ -507,9 +507,13 @@ start_command() {
|
||||
option=
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
f*)
|
||||
FAST=Yes
|
||||
option=${option#f}
|
||||
@ -612,9 +616,13 @@ compile_command() {
|
||||
option=${option#e}
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
p*)
|
||||
export PROGRAM=Yes
|
||||
option=${option#p}
|
||||
@ -685,9 +693,13 @@ restart_command() {
|
||||
option=
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
n*)
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
@ -750,9 +762,13 @@ check_command() {
|
||||
option=
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -811,9 +827,13 @@ reload_command() {
|
||||
option=
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
n*)
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
@ -858,7 +878,7 @@ reload_command() {
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
|
||||
if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then
|
||||
$0 nolock $(make_quiet) restore .reload
|
||||
$0 nolock $(make_verbose) restore .reload
|
||||
fi
|
||||
|
||||
[ -n "$nolock" ] || mutex_off
|
||||
@ -882,8 +902,8 @@ show_command() {
|
||||
option=
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=Yes
|
||||
option=${option#v}
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
@ -1019,8 +1039,8 @@ dump_command() {
|
||||
option=
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=Yes
|
||||
option=${option#v}
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
@ -1131,9 +1151,13 @@ restore_command() {
|
||||
option=
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
n*)
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
@ -1287,15 +1311,15 @@ heading() {
|
||||
#
|
||||
# Create the appropriate -q option to pass oneward
|
||||
#
|
||||
make_quiet() {
|
||||
local q=$QUIET
|
||||
make_verbose() {
|
||||
local v=$VERBOSE
|
||||
|
||||
if [ $QUIET -gt 0 ]; then
|
||||
if [ $VERBOSE -gt 0 ]; then
|
||||
local option=-
|
||||
|
||||
while [ $q -gt 0 ]; do
|
||||
option="${option}q"
|
||||
q=$(($q - 1))
|
||||
while [ $v -gt 0 ]; do
|
||||
option="${option}v"
|
||||
v=$(($v - 1))
|
||||
done
|
||||
|
||||
echo $option
|
||||
@ -1320,10 +1344,9 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=
|
||||
export QUIET=0
|
||||
IPT_OPTIONS="-nv"
|
||||
FAST=
|
||||
VERBOSE=
|
||||
export VERBOSE=0
|
||||
NOROUTES=
|
||||
EXPORT=
|
||||
noroutes=
|
||||
@ -1368,7 +1391,7 @@ while [ $finished -eq 0 ]; do
|
||||
option=${option#x}
|
||||
;;
|
||||
q*)
|
||||
QUIET=$(($QUIET + 1 ))
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
f*)
|
||||
@ -1376,8 +1399,8 @@ while [ $finished -eq 0 ]; do
|
||||
option=${option#f}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=Yes
|
||||
option=${option#v}
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
n*)
|
||||
NOROUTES=Yes
|
||||
@ -1612,17 +1635,17 @@ case "$COMMAND" in
|
||||
try)
|
||||
[ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\""
|
||||
[ $# -lt 2 -o $# -gt 3 ] && usage 1
|
||||
[ -n "$QUIET" ] && QUIET=$(make_quiet)
|
||||
[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
|
||||
[ -n "$NOROUTES" ] && NOROUTES=-n
|
||||
if ! $0 $debugging $QUIET -c $2 restart; then
|
||||
if ! $0 $debugging $VERBOSE -c $2 restart; then
|
||||
if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
|
||||
$0 $QUIET $NOROUTES start
|
||||
$0 $VERBOSE $NOROUTES start
|
||||
fi
|
||||
elif ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then
|
||||
$0 $QUIET $NOROUTES start
|
||||
$0 $VERBOSE $NOROUTES start
|
||||
elif [ $# -eq 3 ]; then
|
||||
sleep $3
|
||||
$0 $QUIET $NOROUTES restart
|
||||
$0 $VERBOSE $NOROUTES restart
|
||||
fi
|
||||
;;
|
||||
logwatch)
|
||||
@ -1642,8 +1665,8 @@ case "$COMMAND" in
|
||||
while [ -n "$option" ]; do
|
||||
case $option in
|
||||
v*)
|
||||
VERBOSE=Yes
|
||||
option=${option#e}
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
-)
|
||||
finished=1
|
||||
@ -1836,7 +1859,7 @@ case "$COMMAND" in
|
||||
exit 2
|
||||
fi
|
||||
|
||||
[ -n "$QUIET" ] && QUIET=$(make_quiet)
|
||||
[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
|
||||
|
||||
mutex_on
|
||||
|
||||
@ -1850,7 +1873,7 @@ case "$COMMAND" in
|
||||
if [ "$1" = "safe-start" -a $running -eq 0 ]
|
||||
then
|
||||
# the command is safe-start but the firewall is already running
|
||||
$0 $debugging nolock $QUIET start
|
||||
$0 $debugging nolock $VERBOSE start
|
||||
ret=$?
|
||||
mutex_off
|
||||
exit 0
|
||||
@ -1871,7 +1894,7 @@ case "$COMMAND" in
|
||||
$0 $debugging nolock save "safe-start-restart"
|
||||
fi
|
||||
|
||||
$0 $debugging nolock $QUIET $command
|
||||
$0 $debugging nolock $VERBOSE $command
|
||||
|
||||
echo -n "Do you want to accept the new firewall configuration? [y/n] "
|
||||
read_yesno_with_timeout
|
||||
|
Loading…
Reference in New Issue
Block a user