forked from extern/shorewall_code
Fix the output of the 'hits' command under BusyBox 1.2.0
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4233 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
f8d5c5375e
commit
a96c3a1a1b
@ -1,43 +1,3 @@
|
||||
Changes in 3.2.0 RC 6
|
||||
Changes in 3.3.0
|
||||
|
||||
1) Update version.
|
||||
|
||||
Changes in 3.2.0 RC 5
|
||||
|
||||
1) Update version.
|
||||
|
||||
Changes in 3.2.0 RC 4
|
||||
|
||||
1) Add RESTOREFILE to shorewall.conf
|
||||
|
||||
2) Correct many inaccuracies in shorewall.conf
|
||||
|
||||
3) Make progress messages product-specific.
|
||||
|
||||
4) Move firewall to /var/lib/shorewall-lite/.
|
||||
|
||||
Changes in 3.2.0 RC 3
|
||||
|
||||
1) Fix configpath.
|
||||
|
||||
2) Fix Makefile.
|
||||
|
||||
3) Fix shorecap.
|
||||
|
||||
4) Cleanup.
|
||||
|
||||
5) Fix SUBSYSLOCK value.
|
||||
|
||||
Changes in 3.2.0 RC 2
|
||||
|
||||
1) Remove VERSION from shorecap.
|
||||
|
||||
2) Rationalize the use of IPTABLES and LOGFORMAT.
|
||||
|
||||
3) Change 'shorewall version' to include 'Lite'
|
||||
|
||||
4) Allow Shorewall/Shorewall-lite coexistence
|
||||
|
||||
Changes in 3.2.0 RC 1
|
||||
|
||||
1) First Release.
|
||||
1) Fix output of 'hits' command under busybox 1.2.0.
|
||||
|
@ -1,91 +1,12 @@
|
||||
Shorewall Lite 3.2.0 RC 6
|
||||
Shorewall Lite 3.3.0
|
||||
|
||||
Problems Corrected in 3.2.0 RC 6
|
||||
Problems Corrected in 3.3.0
|
||||
|
||||
1) The output formating of the 'hits' command under BusyBox 1.2.0 has
|
||||
been corrected.
|
||||
|
||||
Other changes in 3.3.0
|
||||
|
||||
None.
|
||||
|
||||
Other changes in 3.2.0 RC 6
|
||||
|
||||
None.
|
||||
|
||||
New Features:
|
||||
|
||||
Shorewall Lite is a companion product to Shorewall and is designed to
|
||||
allow you to maintain all Shorewall configuration information on a
|
||||
single system within your network.
|
||||
|
||||
a) You install the full Shorewall release on one system within your
|
||||
network. You need not configure Shorewall there and you may totally
|
||||
disable startup of Shorewall in your init scripts. For ease of
|
||||
reference, we call this system the 'administrative system'.
|
||||
|
||||
b) On each system where you wish to run a Shorewall-generated firewall,
|
||||
you install Shorewall Lite. For ease of reference, we will call these
|
||||
systems the 'firewall systems'
|
||||
|
||||
c) On the administrative system you create a separate 'configuration
|
||||
directory' for each firewall system. You copy the contents of
|
||||
/usr/share/shorewall/configfiles into each configuration directory.
|
||||
|
||||
d) On each firewall system, you run these two commands:
|
||||
|
||||
/usr/share/shorewall/shorecap > capabilities
|
||||
scp capabilities <admin system>:<this system's config dir>
|
||||
|
||||
If you are running Debian or one of its derivatives like Ubuntu then
|
||||
edit /etc/default/shorewall-lite and set startup=1.
|
||||
|
||||
Shorewall Lite includes a very limited version of shorewall.conf
|
||||
(/etc/shorewall-lite/shorewall.conf). It includes the following
|
||||
options which have the same meaning as in a full Shorewall
|
||||
installation except as noted below:
|
||||
|
||||
VERBOSITY
|
||||
LOGFILE
|
||||
LOGFORMAT - used by /sbin/shorewall for finding 'Shorewall' log
|
||||
messages. If LOGFORMAT was specified in the
|
||||
shorewall.conf file used at compile time on the
|
||||
administrative system, then the format of the
|
||||
messages themselves is defined by that value. If
|
||||
LOGFORMAT was not specified at compile time then
|
||||
the firewall script will use the value from
|
||||
/etc/shorewall-lite/shorewall.conf on the firewall
|
||||
system.
|
||||
IPTABLES - determines the iptables binary to be used by
|
||||
/sbin/shorewall. The compiled firewall script will
|
||||
use the IPTABLES specified in shorewall.conf at
|
||||
compile time on the administrative system, if any;
|
||||
if IPTABLES was not specified at compile time then
|
||||
the IPTABLES value from
|
||||
/etc/shorewall-lite/shorewall.conf on the firewall
|
||||
system will be used by the firewall script.
|
||||
PATH
|
||||
SHOREWALL_SHELL
|
||||
SUBSYSLOCK
|
||||
RESTOREFILE
|
||||
|
||||
Edit the shorewall.conf file as required.
|
||||
|
||||
e) On the administrative system, for each firewall system you:
|
||||
|
||||
1) modify the files in the corresponding configuration
|
||||
directory appropriately.
|
||||
|
||||
2) (this may be done as a non-root user)
|
||||
|
||||
cd <configuration directory>
|
||||
/sbin/shorewall load . <firewall system>
|
||||
|
||||
3) If you need to change the configuration, after you
|
||||
have modified the configuration:
|
||||
|
||||
cd <configuration directory>
|
||||
/sbin/shorewall reload . <firewall system>
|
||||
|
||||
It is possible to have both shorewall and Shorewall Lite
|
||||
installed on the same system.
|
||||
|
||||
For more information, see:
|
||||
|
||||
http://www.shorewall.net/CompiledProgram.html#Lite
|
||||
|
||||
|
@ -1318,19 +1318,31 @@ case "$COMMAND" in
|
||||
if [ $(grep -c "$LOGFORMAT" $LOGFILE ) -gt 0 ] ; then
|
||||
echo " HITS IP DATE"
|
||||
echo " ---- --------------- ------"
|
||||
grep "$LOGFORMAT" $LOGFILE | sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\3 \1/' | sort | uniq -c | sort -rn
|
||||
grep "$LOGFORMAT" $LOGFILE | sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\3 \1/' | sort | uniq -c | sort -rn |
|
||||
while read count address month day; do
|
||||
printf '%7d %-15s %3s %2d\n' $count $address $month $day
|
||||
done
|
||||
|
||||
echo ""
|
||||
|
||||
echo " HITS IP PORT"
|
||||
echo " ---- --------------- -----"
|
||||
grep "$LOGFORMAT" $LOGFILE | sed 's/\(.*SRC=\)\(.*\)\( DST=.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2 \4/
|
||||
t
|
||||
s/\(.*SRC=\)\(.*\)\( DST=.*\)/\2/' | sort | uniq -c | sort -rn
|
||||
s/\(.*SRC=\)\(.*\)\( DST=.*\)/\2/' | sort | uniq -c | sort -rn | \
|
||||
while read count address port; do
|
||||
printf '%7d %-15s %d\n' $count $address $port
|
||||
done
|
||||
|
||||
echo ""
|
||||
|
||||
echo " HITS DATE"
|
||||
echo " ---- ------"
|
||||
grep "$LOGFORMAT" $LOGFILE | sed 's/\(.\{6\}\)\(.*\)/\1/' | sort | uniq -c | sort -rn
|
||||
grep "$LOGFORMAT" $LOGFILE | sed 's/\(.\{6\}\)\(.*\)/\1/' | sort | uniq -c | sort -rn | \
|
||||
while read count month day; do
|
||||
printf '%7d %3s %2d\n' $count $month $day
|
||||
done
|
||||
|
||||
echo ""
|
||||
|
||||
echo " HITS PORT SERVICE(S)"
|
||||
|
Loading…
Reference in New Issue
Block a user