From 6ad9b953518820c4aed67a56c59489949627c47c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 18 Jun 2014 13:27:25 -0700 Subject: [PATCH] Implement 'show bl' Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 22 ++++++++++++++++++++- Shorewall/manpages/shorewall.xml | 27 ++++++++++++++++++++++++++ Shorewall6/manpages/shorewall6.xml | 31 ++++++++++++++++++++++++++++-- 3 files changed, 77 insertions(+), 3 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index e4eb9c9f2..28073926d 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -271,6 +271,19 @@ show_classifiers() { } +# +# Display blacklist chains +# +show_bl() { + $g_tool -L $g_ipt_options | \ + awk 'BEGIN {prnt=0; }; + /^$/ {if (prnt == 1) print ""; prnt=0; }; + /Chain .*~ / {prnt=1; }; + /Chain dynamic / {prnt=1; }; + {if (prnt == 1) print; }; + END {if (prnt == 1 ) print "" };' +} + # # Watch the Firewall Log # @@ -1189,7 +1202,13 @@ show_command() { echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)" echo show_events - ;; + ;; + bl|blacklists) + [ $# -gt 1 ] && usage 1 + echo "$g_product $SHOREWALL_VERSION blacklist chains at $g_hostname - $(date)" + echo + show_bl; + ;; *) case "$g_program" in *-lite) @@ -3531,6 +3550,7 @@ usage() # $1 = exit status echo " [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [ [ ... ]" echo " [ show | list | ls ] [ -f ] capabilities" echo " [ show | list | ls ] arptables" + echo " [ show | list | ls ] {bl|blacklists}" echo " [ show | list | ls ] classifiers" echo " [ show | list | ls ] config" echo " [ show | list | ls ] connections" diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 895f21afd..5463c03cd 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -507,6 +507,20 @@ filename + + shorewall + + | + + -options + + + + + + + + shorewall @@ -1474,6 +1488,19 @@ + + bl|blacklists + + + Added in Shorewall 4.6.2. Displays the dynamic chain + along with any chains produced by entries in + shorewall-blrules(5).The -x + option is passed directly through to iptables and causes + actual packet and byte counts to be displayed. Without this + option, those counts are abbreviated. + + + capabilities diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index bcb577951..b74bb4284 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -123,7 +123,7 @@ - shorewall + shorewall6 | @@ -166,7 +166,7 @@ - shorewall + shorewall6 | @@ -452,6 +452,20 @@ filename + + shorewall6 + + | + + -options + + + + + + + + shorewall6 @@ -1355,6 +1369,19 @@ + + bl|blacklists + + + Added in Shorewall 4.6.2. Displays the dynamic chain + along with any chains produced by entries in + shorewall-blrules(5).The -x + option is passed directly through to ip6tables and causes + actual packet and byte counts to be displayed. Without this + option, those counts are abbreviated. + + + capabilities