diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 707adc127..7ff5e446e 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -154,3 +154,5 @@ Changes since 2.0.3 74) Correct bug in "shorewall add" 75) Correct bridge handling in "shorewall add" and "shorewall delete"
+
+76) Add "shorewall show zones"
diff --git a/Shorewall2/help b/Shorewall2/help
index c4d80adec..9b830efcc 100644
--- a/Shorewall2/help
+++ b/Shorewall2/help
@@ -219,7 +219,7 @@ save) ;; show)
- echo "show: show [ [ ...] |classifiers|connections|log|nat|tc|tos]
+ echo "show: show [ [ ...] |classifiers|connections|log|nat|tc|tos|zones]
 shorewall [-x] show [ ... ] - produce a verbose report about the IPtable chain(s). (iptables -L chain -n -v)
@@ -238,6 +238,9 @@ show) shorewall show tc - displays information about the traffic control/shaping configuration.
+ shorewall show zones - displays the contents of all zones. Requires
+ DYNAMIC_ZONES=Yes in /etc/shorewall/shorewall.conf
+
 When -x is given, that option is also passed to iptables to display actual packet and byte counts." ;;
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index b59b06f27..1dccc5f81 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -712,3 +712,26 @@ New Features: can be used to designate the iptables executable to be used by Shorewall. If not specified, the iptables executable determined by the PATH setting is used.
+
+31) When DYNAMIC_ZONES=Yes in /etc/shorewall/shorewall.conf, you can
+ now use the "shorewall show zones" command to display the current
+ contents of the zones.
+
+ Example:
+
+ ursa:/etc/shorewall # shorewall show zones
+ Shorewall-2.2.0-Beta7 Zones at ursa - Sat Nov 27 11:18:25 PST 2004
+
+ loc
+ eth0:192.168.1.0/24
+ eth1:1.2.3.4
+ net
+ eth0:0.0.0.0/0
+ WiFi
+ eth1:0.0.0.0/0
+ sec
+ eth1:0.0.0.0/0
+
+ ursa:/etc/shorewall #
+
+
diff --git a/Shorewall2/shorewall b/Shorewall2/shorewall
index 35b17ebd3..75d42e53b 100755
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@@ -609,7 +609,7 @@ usage() # $1 = exit status
 echo " restart [ ]"
 echo " restore [ ]"
 echo " save [ ]"
- echo " show [ [ ... ]|classifiers|connections|log|nat|tc|tos]"
+ echo " show [ [ ... ]|classifiers|connections|log|nat|tc|tos|zones]"
 echo " start [ ]"
 echo " stop"
 echo " status"
@@ -913,6 +913,24 @@ case "$1" in echo show_classifiers ;;
+ zones)
+ [ $# -gt 2 ] && usage 1
+ [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
+ if [ -f $STATEDIR/zones ]; then
+ echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
+ echo
+ while read zone hosts; do
+ echo $zone
+ for host in $hosts; do
+ echo " $host"
+ done
+ done < $STATEDIR/zones
+ echo
+ else
+ echo " ERROR: Dynamic zones are not enabled" >&2
+ exit 1
+ fi
+ ;;
 *) shift