Add 'shorewall show zones' command

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-11-27 19:44:32 +00:00 · 2004-11-27 19:44:32 +00:00 · a6f07b8bc5
commit a6f07b8bc5
parent 193edff66a
4 changed files with 48 additions and 2 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -154,3 +154,5 @@ Changes since 2.0.3
 74) Correct bug in "shorewall add"

 75) Correct bridge handling in "shorewall add" and "shorewall delete"
+
+76) Add "shorewall show zones"
--- a/Shorewall2/help
+++ b/Shorewall2/help
@ -219,7 +219,7 @@ save)
 	;;

 show)
-	echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos]
+	echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos|zones]

    shorewall [-x] show <chain> [ <chain> ... ]  - produce a verbose report about the IPtable chain(s).
    (iptables -L chain -n -v)
@ -238,6 +238,9 @@ show)
    shorewall show tc - displays information about the traffic
 	control/shaping configuration.

+    shorewall show zones - displays the contents of all zones. Requires
+        DYNAMIC_ZONES=Yes in /etc/shorewall/shorewall.conf
+
    When -x is given, that option is also passed to iptables to display actual packet and byte counts."
 	;;

--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -712,3 +712,26 @@ New Features:
    can be used to designate the iptables executable to be used by
    Shorewall. If not specified, the iptables executable determined by
    the PATH setting is used.
+
+31) When DYNAMIC_ZONES=Yes in /etc/shorewall/shorewall.conf, you can
+    now use the "shorewall show zones" command to display the current
+    contents of the zones.
+
+    Example:
+
+	ursa:/etc/shorewall # shorewall show zones
+	Shorewall-2.2.0-Beta7 Zones at ursa - Sat Nov 27 11:18:25 PST 2004
+ 
+	loc
+	   eth0:192.168.1.0/24
+	   eth1:1.2.3.4
+	net	   
+	   eth0:0.0.0.0/0
+	WiFi
+	   eth1:0.0.0.0/0
+	sec
+	   eth1:0.0.0.0/0
+ 
+	ursa:/etc/shorewall #
+
+
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@ -609,7 +609,7 @@ usage() # $1 = exit status
    echo "   restart [ <directory> ]"
    echo "   restore [ <file name> ]"
    echo "   save [ <file name> ]"
-    echo "   show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos]"
+    echo "   show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos|zones]"
    echo "   start [ <directory> ]"
    echo "   stop"
    echo "   status"
@ -913,6 +913,24 @@ case "$1" in
 	    echo
 	    show_classifiers
 	    ;;
+	zones)
+	    [ $# -gt 2 ] && usage 1
+	    [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
+	    if [ -f $STATEDIR/zones ]; then
+		echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
+		echo
+		while read zone hosts; do
+		    echo $zone
+		    for host in $hosts; do
+			echo "   $host"
+		    done
+		done < $STATEDIR/zones
+		echo
+	    else
+		echo "   ERROR: Dynamic zones are not enabled" >&2
+		exit 1
+	    fi
+	    ;;
 	*)
 	    shift