diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 3c6961f26..df3a8146a 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -678,7 +678,12 @@ show_command() {
# eliminates rules which have not been used from ip*tables' output
brief_output() {
- grep -Eve '^ +0 +0 +'
+ awk \
+ '/^Chain / { heading1 = $0; getline heading2; printed = 0; next; };
+ /^ +0 +0 / { next; };
+ /^$/ { if ( printed == 1 ) { print $0; }; next; };
+ { if ( printed == 0 ) { print heading1; print heading2; printed = 1 }; };
+ { print; }';
}
while [ $finished -eq 0 -a $# -gt 0 ]; do
diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml
index bdc27632f..6f595298f 100644
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -843,11 +843,11 @@
Netfilter table to display. The default is filter.
- The -b ('brief')
- option causes rules which have not been used (i.e. which
- have zero packet and byte counts) to be omitted from the
- output. In the future, this may be extended to omit unused
- chains entirely.
+ The -b ('brief') option
+ causes rules which have not been used (i.e. which have zero
+ packet and byte counts) to be omitted from the output. Chains
+ with no rules displayed are also omitted from the
+ output.
The -l option causes
the rule number for each Netfilter rule to be
diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml
index 888042d1e..4c8d40d00 100644
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@@ -1398,9 +1398,9 @@
The -b ('brief') option
causes rules which have not been used (i.e. which have zero
- packet and byte counts) to be omitted from the output. In the
- future, this may be extended to omit unused chains
- entirely.
+ packet and byte counts) to be omitted from the output. Chains
+ with no rules displayed are also omitted from the
+ output.
The -l option causes
the rule number for each Netfilter rule to be
diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml
index d9f138733..e62854c8b 100644
--- a/Shorewall6-lite/manpages/shorewall6-lite.xml
+++ b/Shorewall6-lite/manpages/shorewall6-lite.xml
@@ -841,11 +841,11 @@
Netfilter table to display. The default is filter.
- The -b ('brief')
- option causes rules which have not been used (i.e. which
- have zero packet and byte counts) to be omitted from the
- output. In the future, this may be extended to omit unused
- chains entirely.
+ The -b ('brief') option
+ causes rules which have not been used (i.e. which have zero
+ packet and byte counts) to be omitted from the output. Chains
+ with no rules displayed are also omitted from the
+ output.
The -l option causes
the rule number for each Netfilter rule to be
diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml
index e78d4dc4a..8636416ab 100644
--- a/Shorewall6/manpages/shorewall6.xml
+++ b/Shorewall6/manpages/shorewall6.xml
@@ -1277,11 +1277,11 @@
Netfilter table to display. The default is filter.
- The -b ('brief')
- option causes rules which have not been used (i.e. which
- have zero packet and byte counts) to be omitted from the
- output. In the future, this may be extended to omit unused
- chains entirely.
+ The -b ('brief') option
+ causes rules which have not been used (i.e. which have zero
+ packet and byte counts) to be omitted from the output. Chains
+ with no rules displayed are also omitted from the
+ output.
The -l option causes
the rule number for each Netfilter rule to be