From 5eecd59292bfd4dc85eab532a802ce3b9f461d1f Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 23 Jan 2006 01:41:24 +0000 Subject: [PATCH] Make Shorewall quieter git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 + Shorewall/compiler | 8 ++-- Shorewall/firewall | 6 +-- Shorewall/functions | 6 +-- Shorewall/prog.footer | 6 +-- Shorewall/releasenotes.txt | 15 +++++++ Shorewall/shorewall | 89 ++++++++++++++++++++++++-------------- 7 files changed, 86 insertions(+), 46 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 8fba8426b..4621e3fe8 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -24,3 +24,5 @@ Changes in 3.1.x. 11) Fix 'check' bug in setup_masq 12) Break compiler/firewall into two files + +13) Make Shoreall quiet for a change. diff --git a/Shorewall/compiler b/Shorewall/compiler index bba4f5d17..a78c77953 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -956,7 +956,7 @@ determine_hosts() { eval ${zone}_hosts="\$hosts" if [ -n "$hosts" ]; then - [ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts + [ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts else error_message "WARNING: Zone $zone is empty" fi @@ -6983,7 +6983,7 @@ initialize_netfilter () { determine_zones - if [ $QUIET -lt 2 ]; then + if [ $VERBOSE -ge 1 ]; then display_list "IPv4 Zones:" $IPV4_ZONES [ -n "$IPSEC_ZONES" ] && \ display_list "IPSEC Zones:" $IPSEC_ZONES @@ -8395,7 +8395,7 @@ __EOF__ # These variables are required by the library functions called in this script # [ -n \${COMMAND:=restart} ] - [ -n \${QUIET:=0} ] + [ -n \${VERBOSE:=0} ] MODULESDIR="$MODULESDIR" MODULE_SUFFIX="$MODULE_SUFFIX" LOGLIMIT="$LOGLIMIT" 
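Review bot: The new verbosity tests spell the same two levels four different ways across this commit: `-ge 1` here in determine_hosts() and initialize_netfilter(), `-gt 0` in progress_message2(), `-ge 2` in the compiler's do_initialize() and `-gt 1` in the firewall's copy of the same function. Using one form per level, for example `[ $VERBOSE -ge 1 ]` and `[ $VERBOSE -ge 2 ]` everywhere, lets a maintainer grep for every message emitted at a given level and makes an accidental level change stand out in review. determine_hosts() starts and ends outside the hunk.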
@@ -8703,7 +8703,7 @@ do_initialize() { FUNCTIONS=$SHARED_DIR/functions if [ -f $FUNCTIONS ]; then - [ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..." + [ $VERBOSE -ge 2 ] && echo "Loading $FUNCTIONS..." . $FUNCTIONS else startup_error "$FUNCTIONS does not exist!" diff --git a/Shorewall/firewall b/Shorewall/firewall index 6655f0183..8ec95ac58 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1036,7 +1036,7 @@ determine_hosts() { eval ${zone}_hosts="\$hosts" if [ -n "$hosts" ]; then - [ $QUIET -lt 2 ] && display_list "$zone Zone:" $hosts + [ $VERBOSE -ge 1 ] && display_list "$zone Zone:" $hosts else error_message "WARNING: Zone $zone is empty" fi @@ -7169,7 +7169,7 @@ initialize_netfilter () { determine_zones - if [ $QUIET -lt 2 ]; then + if [ $VERBOSE -ge 1 ]; then display_list "IPv4 Zones:" $IPV4_ZONES [ -n "$IPSEC_ZONES" ] && \ display_list "IPSEC Zones:" $IPSEC_ZONES @@ -8814,7 +8814,7 @@ do_initialize() { FUNCTIONS=$SHARED_DIR/functions if [ -f $FUNCTIONS ]; then - [ $QUIET -lt 1 ] && echo "Loading $FUNCTIONS..." + [ $VERBOSE -gt 1 ] && echo "Loading $FUNCTIONS..." . $FUNCTIONS else startup_error "$FUNCTIONS does not exist!" diff --git a/Shorewall/functions b/Shorewall/functions index 99825ec62..da310c600 100755 --- a/Shorewall/functions +++ b/Shorewall/functions @@ -67,12 +67,12 @@ list_count() { # progress_message() # $* = Message { - [ $QUIET -lt 1 ] && echo "$@" + [ $VERBOSE -gt 1 ] && echo "$@" } progress_message2() # $* = Message { - [ $QUIET -lt 2 ] && echo "$@" + [ $VERBOSE -gt 0 ] && echo "$@" } # @@ -1137,7 +1137,7 @@ report_capability() # $1 = Capability Description , $2 Capability Setting (if an } report_capabilities() { - if [ $QUIET -lt 2 ]; then + if [ $VERBOSE -gt 1 ]; then echo "Shorewall has detected the following iptables/netfilter capabilities:" report_capability "NAT" $NAT_ENABLED report_capability "Packet Mangling" $MANGLE_ENABLED diff --git a/Shorewall/prog.footer b/Shorewall/prog.footer index 6501c05d0..f9d3791c2 100644 
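Review bot: progress_message() and progress_message2() expand `$VERBOSE` unquoted and without a default, so a caller that sources this library without setting VERBOSE runs `[ -gt 1 ]`, which is a test error on every message rather than silence. Compiled scripts produced before this change initialise QUIET (the removed `[ -n \${QUIET:=0} ]` line in the compiler) and not VERBOSE, so this may surface on upgrade, although whether such a script is ever paired with the new library is not visible here. A default inside the test avoids it: `[ ${VERBOSE:-0} -gt 1 ] && echo "$@"`.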
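Review bot: report_capabilities() turns `$QUIET -lt 2` into `$VERBOSE -gt 1`, while progress_message2() in the same file turns the identical old test into `$VERBOSE -gt 0`. If the capability report is meant to stay at the same level as the zone listings, the line should read `if [ $VERBOSE -gt 0 ]; then`. If moving it to -vv is deliberate, a short comment saying so would help, because this report is how an administrator confirms which iptables/netfilter features the generated ruleset can rely on. The function body continues outside the hunk.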
--- a/Shorewall/prog.footer +++ b/Shorewall/prog.footer @@ -22,9 +22,9 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do while [ -n "$option" ]; do case $option in - q*) - QUIET=$(($QUIET + 1 )) - option=${option#q} + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} ;; n*) NOROUTES=Yes diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 97507188d..5b136f12d 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -31,6 +31,21 @@ Problems Corrected in 3.1.4 1) "shorewall check" generates an error if there are entries in /etc/shorewall/massq. +New Features added in 3.1.4 + +1) The /etc/shorewall/maclist file has a new column layout. The first column is + now DISPOSITION. This column determines what to do with matching packets and + can have the value ACCEPT or DROP (if MACLIST_TABLE=filter, it can also + contain REJECT). This change is upward compatible so your existing maclist + file can still be used. + +2) Shorewall has always been very noisy (lots of messages). No more. The default + is now to be very quiet and you get more detail using the -v option (or -vv if + you want the old noisy behavior). The -q option is still supported but only + reverses the effect of -v. So "shorewall start -qqvv" is still completely quiet + while "shorewall start -vv" gives the same amount of output as the old "shorewall + start" did. + Migration Considerations: None. diff --git a/Shorewall/shorewall b/Shorewall/shorewall index d22d8072f..0ab3c31ba 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -279,7 +279,7 @@ packet_log() # $1 = number of messages [ -n "$realtail" ] && options="-n$1" - if [ -n "$VERBOSE" ]; then + if [ $VERBOSE -gt 1 ]; then grep "${LOGFORMAT}" $LOGFILE | \ sed s/" kernel:"// | \ sed s/" $host $LOGFORMAT"/" "/ | \ 
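Review bot: The `q*)` branch in prog.footer is replaced rather than kept, so this option loop no longer handles -q at all, although the release notes added in this same commit say -q is still supported and the shorewall script keeps it as `VERBOSE - 1`. What an unrecognised option does here depends on the remaining case branches, which are outside the hunk. Keeping both branches would match the documented behaviour: `q*) VERBOSE=$(($VERBOSE - 1 )); option=${option#q} ;;` next to the new `v*)` branch.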
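Review bot: packet_log() now takes its first branch only when `$VERBOSE -gt 1`, where a single -v used to be enough (`-n "$VERBOSE"`). A plain -v on a log display therefore silently falls through to the other output format, and the release notes do not mention the change. If one -v should keep selecting this branch, the test should be `if [ $VERBOSE -gt 0 ]; then`. The function starts and ends outside the hunk.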
@@ -507,9 +507,13 @@ start_command() { option= ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE - 1 )) option=${option#q} ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; f*) FAST=Yes option=${option#f} @@ -612,9 +616,13 @@ compile_command() { option=${option#e} ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE - 1 )) option=${option#q} ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; p*) export PROGRAM=Yes option=${option#p} @@ -685,9 +693,13 @@ restart_command() { option= ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE - 1 )) option=${option#q} ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; n*) NOROUTES=Yes option=${option#n} @@ -750,9 +762,13 @@ check_command() { option= ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE - 1 )) option=${option#q} ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; *) usage 1 ;; @@ -811,9 +827,13 @@ reload_command() { option= ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE - 1 )) option=${option#q} ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; n*) NOROUTES=Yes option=${option#n} @@ -858,7 +878,7 @@ reload_command() { [ -n "$nolock" ] || mutex_on if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then - $0 nolock $(make_quiet) restore .reload + $0 nolock $(make_verbose) restore .reload fi [ -n "$nolock" ] || mutex_off @@ -882,8 +902,8 @@ show_command() { option= ;; v*) - VERBOSE=Yes - option=${option#v} + VERBOSE=$(($VERBOSE + 1 )) + option=${option#q} ;; *) usage 1 @@ -1019,8 +1039,8 @@ dump_command() { option= ;; v*) - VERBOSE=Yes - option=${option#v} + VERBOSE=$(($VERBOSE + 1 )) + option=${option#q} ;; *) usage 1 @@ -1131,9 +1151,13 @@ restore_command() { option= ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE + 1 )) option=${option#q} ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; n*) NOROUTES=Yes option=${option#n} 
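Review bot: The new `v*)` branch in show_command() strips the wrong letter: `option=${option#q}` leaves the leading `v` in place, so the enclosing `while [ -n "$option" ]` loop (its header is visible in the logwatch hunk, not in this one) matches `v*` again and keeps incrementing VERBOSE without ever terminating. The same line appears in dump_command() (@@ -1019), in the global option loop (@@ -1376) and in logwatch (@@ -1642, where it replaces an equally wrong `#e`). The global loop is the serious one, because any invocation with -v before the command would hang instead of applying or showing the ruleset. Each of the four should be `option=${option#v}`.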
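Review bot: In restore_command() the `q*)` branch now adds to the level, `VERBOSE=$(($VERBOSE + 1 ))`, so -q makes restore more verbose and `-qv` ends at 2 rather than 0. Every other command touched by this commit subtracts for -q, and the release notes describe -q as reversing -v. The line should be `VERBOSE=$(($VERBOSE - 1 ))`.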
@@ -1287,15 +1311,15 @@ heading() { # # Create the appropriate -q option to pass oneward # -make_quiet() { - local q=$QUIET +make_verbose() { + local v=$VERBOSE - if [ $QUIET -gt 0 ]; then + if [ $VERBOSE -gt 0 ]; then local option=- - while [ $q -gt 0 ]; do - option="${option}q" - q=$(($q - 1)) + while [ $v -gt 0 ]; do + option="${option}v" + v=$(($v - 1)) done echo $option @@ -1320,10 +1344,9 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then fi SHOREWALL_DIR= -export QUIET=0 IPT_OPTIONS="-nv" FAST= -VERBOSE= +export VERBOSE=0 NOROUTES= EXPORT= noroutes= @@ -1368,7 +1391,7 @@ while [ $finished -eq 0 ]; do option=${option#x} ;; q*) - QUIET=$(($QUIET + 1 )) + VERBOSE=$(($VERBOSE - 1 )) option=${option#q} ;; f*) @@ -1376,8 +1399,8 @@ while [ $finished -eq 0 ]; do option=${option#f} ;; v*) - VERBOSE=Yes - option=${option#v} + VERBOSE=$(($VERBOSE + 1 )) + option=${option#q} ;; n*) NOROUTES=Yes @@ -1612,17 +1635,17 @@ case "$COMMAND" in try) [ -n "$SHOREWALL_DIR" ] && startup_error "ERROR: -c option may not be used with \"try\"" [ $# -lt 2 -o $# -gt 3 ] && usage 1 - [ -n "$QUIET" ] && QUIET=$(make_quiet) + [ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose) [ -n "$NOROUTES" ] && NOROUTES=-n - if ! $0 $debugging $QUIET -c $2 restart; then + if ! $0 $debugging $VERBOSE -c $2 restart; then if ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then - $0 $QUIET $NOROUTES start + $0 $VERBOSE $NOROUTES start fi elif ! $IPTABLES -L shorewall > /dev/null 2> /dev/null; then - $0 $QUIET $NOROUTES start + $0 $VERBOSE $NOROUTES start elif [ $# -eq 3 ]; then sleep $3 - $0 $QUIET $NOROUTES restart + $0 $VERBOSE $NOROUTES restart fi ;; logwatch) @@ -1642,8 +1665,8 @@ case "$COMMAND" in while [ -n "$option" ]; do case $option in v*) - VERBOSE=Yes - option=${option#e} + VERBOSE=$(($VERBOSE + 1 )) + option=${option#q} ;; -) finished=1 @@ -1836,7 +1859,7 @@ case "$COMMAND" in exit 2 fi - [ -n "$QUIET" ] && QUIET=$(make_quiet) + [ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose) mutex_on 
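Review bot: The header comment above make_verbose() still reads "Create the appropriate -q option to pass oneward", which now describes the opposite of what the function builds. Suggest `# Create the appropriate -v option to pass onward`. A second comment line stating that nothing is printed when VERBOSE is 0 or negative would also help, provided the part of the function outside the hunk confirms that, because the callers in `try` and the safe-* commands depend on it.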
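Review bot: With the default `VERBOSE=0` the guard `[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)` in `try` is skipped, so the literal `0` is passed as an argument in `$0 $debugging $VERBOSE -c $2 restart` and in the start/restart calls after it; the old `[ -n "$QUIET" ]` test was always true and make_quiet turned 0 into an empty string. The same guard and the same `$VERBOSE` arguments are in the safe-start/safe-restart code (@@ -1836, @@ -1850, @@ -1871), so by default those child invocations probably fail to parse their arguments rather than apply the configuration. Reusing VERBOSE for the flag string also leaves a non-numeric value such as `-vv` for any later `[ $VERBOSE -gt ... ]` test in the same process. A separate variable avoids both problems: set `verbose_opt=$(make_verbose)` unconditionally, then call `$0 $debugging $verbose_opt -c $2 restart`.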
@@ -1850,7 +1873,7 @@ case "$COMMAND" in if [ "$1" = "safe-start" -a $running -eq 0 ] then # the command is safe-start but the firewall is already running - $0 $debugging nolock $QUIET start + $0 $debugging nolock $VERBOSE start ret=$? mutex_off exit 0 @@ -1871,7 +1894,7 @@ case "$COMMAND" in $0 $debugging nolock save "safe-start-restart" fi - $0 $debugging nolock $QUIET $command + $0 $debugging nolock $VERBOSE $command echo -n "Do you want to accept the new firewall configuration? [y/n] " read_yesno_with_timeout