forked from extern/shorewall_code
Add 'shorewall show config' command to display distribution-specific defaults
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4130 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
3cd962fc61
commit
fb89790044
@ -205,7 +205,7 @@ save)
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
show)
|
show)
|
||||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|macros|mangle|nat|tc|zones]
|
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|config|connections|log|macros|mangle|nat|tc|zones]
|
||||||
|
|
||||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||||
(iptables -L chain -n -v)
|
(iptables -L chain -n -v)
|
||||||
@ -229,6 +229,8 @@ show)
|
|||||||
|
|
||||||
shorewall show capabilities - displays your kernel/iptables capabilities
|
shorewall show capabilities - displays your kernel/iptables capabilities
|
||||||
|
|
||||||
|
shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution
|
||||||
|
|
||||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -683,81 +683,86 @@ show_command() {
|
|||||||
|
|
||||||
[ -n "$debugging" ] && set -x
|
[ -n "$debugging" ] && set -x
|
||||||
case "$1" in
|
case "$1" in
|
||||||
connections)
|
connections)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
echo "Shorewall Lite $version Connections at $HOSTNAME - $(date)"
|
echo "Shorewall Lite $version Connections at $HOSTNAME - $(date)"
|
||||||
echo
|
|
||||||
cat /proc/net/ip_conntrack
|
|
||||||
;;
|
|
||||||
nat)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall Lite $version NAT Table at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
$IPTABLES -t nat -L $IPT_OPTIONS
|
|
||||||
;;
|
|
||||||
tos|mangle)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall Lite $version Mangle Table at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
$IPTABLES -t mangle -L $IPT_OPTIONS
|
|
||||||
;;
|
|
||||||
log)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall Lite $version Log at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
|
||||||
packet_log 20
|
|
||||||
;;
|
|
||||||
tc)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall Lite $version Traffic Control at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_tc
|
|
||||||
;;
|
|
||||||
classifiers)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall Lite $version Clasifiers at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_classifiers
|
|
||||||
;;
|
|
||||||
zones)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
if [ -f ${VARDIR}/zones ]; then
|
|
||||||
echo "Shorewall Lite $version Zones at $HOSTNAME - $(date)"
|
|
||||||
echo
|
echo
|
||||||
while read zone type hosts; do
|
cat /proc/net/ip_conntrack
|
||||||
echo "$zone ($type)"
|
;;
|
||||||
for host in $hosts; do
|
nat)
|
||||||
echo " $host"
|
[ $# -gt 1 ] && usage 1
|
||||||
|
echo "Shorewall Lite $version NAT Table at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_reset
|
||||||
|
$IPTABLES -t nat -L $IPT_OPTIONS
|
||||||
|
;;
|
||||||
|
tos|mangle)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
echo "Shorewall Lite $version Mangle Table at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_reset
|
||||||
|
$IPTABLES -t mangle -L $IPT_OPTIONS
|
||||||
|
;;
|
||||||
|
log)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
echo "Shorewall Lite $version Log at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_reset
|
||||||
|
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||||
|
packet_log 20
|
||||||
|
;;
|
||||||
|
tc)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
echo "Shorewall Lite $version Traffic Control at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_tc
|
||||||
|
;;
|
||||||
|
classifiers)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
echo "Shorewall Lite $version Clasifiers at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_classifiers
|
||||||
|
;;
|
||||||
|
zones)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
if [ -f ${VARDIR}/zones ]; then
|
||||||
|
echo "Shorewall Lite $version Zones at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
while read zone type hosts; do
|
||||||
|
echo "$zone ($type)"
|
||||||
|
for host in $hosts; do
|
||||||
|
echo " $host"
|
||||||
|
done
|
||||||
|
done < ${VARDIR}/zones
|
||||||
|
echo
|
||||||
|
else
|
||||||
|
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
capabilities)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
determine_capabilities
|
||||||
|
VERBOSE=2
|
||||||
|
report_capabilities
|
||||||
|
;;
|
||||||
|
config)
|
||||||
|
. ${SHAREDIR}/configpath
|
||||||
|
echo "Default CONFIG_PATH is $CONFIG_PATH"
|
||||||
|
echo "LITEDIR is $LITEDIR"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Shorewall Lite $version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_reset
|
||||||
|
if [ $# -gt 0 ]; then
|
||||||
|
for chain in $*; do
|
||||||
|
$IPTABLES -L $chain $IPT_OPTIONS
|
||||||
done
|
done
|
||||||
done < ${VARDIR}/zones
|
else
|
||||||
echo
|
$IPTABLES -L $IPT_OPTIONS
|
||||||
else
|
fi
|
||||||
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
;;
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
capabilities)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
determine_capabilities
|
|
||||||
VERBOSE=2
|
|
||||||
report_capabilities
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Shorewall Lite $version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
if [ $# -gt 0 ]; then
|
|
||||||
for chain in $*; do
|
|
||||||
$IPTABLES -L $chain $IPT_OPTIONS
|
|
||||||
done
|
|
||||||
else
|
|
||||||
$IPTABLES -L $IPT_OPTIONS
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@ -977,7 +982,7 @@ usage() # $1 = exit status
|
|||||||
echo " restart [ -n ] [ <directory> ]"
|
echo " restart [ -n ] [ <directory> ]"
|
||||||
echo " restore [ -n ] [ <file name> ]"
|
echo " restore [ -n ] [ <file name> ]"
|
||||||
echo " save [ <file name> ]"
|
echo " save [ <file name> ]"
|
||||||
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|mangle|nat|tc|zones]"
|
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|capabilities|classifiers|config|connections|log|mangle|nat|tc|zones]"
|
||||||
echo " start [ -f ] [ -n ] [ <directory> ]"
|
echo " start [ -f ] [ -n ] [ <directory> ]"
|
||||||
echo " stop"
|
echo " stop"
|
||||||
echo " status"
|
echo " status"
|
||||||
|
@ -308,7 +308,7 @@ save)
|
|||||||
;;
|
;;
|
||||||
|
|
||||||
show)
|
show)
|
||||||
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|macros|mangle|nat|tc|zones]
|
echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|config|connections|log|macros|mangle|nat|tc|zones]
|
||||||
|
|
||||||
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
shorewall [-x] show <chain> [ <chain> ... ] - produce a verbose report about the IPtable chain(s).
|
||||||
(iptables -L chain -n -v)
|
(iptables -L chain -n -v)
|
||||||
@ -336,6 +336,8 @@ show)
|
|||||||
|
|
||||||
shorewall show capabilities - displays your kernel/iptables capabilities
|
shorewall show capabilities - displays your kernel/iptables capabilities
|
||||||
|
|
||||||
|
shorewall show config - displays the default CONFIG_PATH and LITEDIR for your distribution
|
||||||
|
|
||||||
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
When -x is given, that option is also passed to iptables to display actual packet and byte counts."
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -889,105 +889,110 @@ show_command() {
|
|||||||
|
|
||||||
[ -n "$debugging" ] && set -x
|
[ -n "$debugging" ] && set -x
|
||||||
case "$1" in
|
case "$1" in
|
||||||
connections)
|
connections)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
echo "Shorewall-$version Connections at $HOSTNAME - $(date)"
|
echo "Shorewall-$version Connections at $HOSTNAME - $(date)"
|
||||||
echo
|
|
||||||
cat /proc/net/ip_conntrack
|
|
||||||
;;
|
|
||||||
nat)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall-$version NAT Table at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
$IPTABLES -t nat -L $IPT_OPTIONS
|
|
||||||
;;
|
|
||||||
tos|mangle)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall-$version Mangle Table at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
$IPTABLES -t mangle -L $IPT_OPTIONS
|
|
||||||
;;
|
|
||||||
log)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall-$version Log at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_reset
|
|
||||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
|
||||||
packet_log 20
|
|
||||||
;;
|
|
||||||
tc)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall-$version Traffic Control at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_tc
|
|
||||||
;;
|
|
||||||
classifiers)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
echo "Shorewall-$version Clasifiers at $HOSTNAME - $(date)"
|
|
||||||
echo
|
|
||||||
show_classifiers
|
|
||||||
;;
|
|
||||||
zones)
|
|
||||||
[ $# -gt 1 ] && usage 1
|
|
||||||
if [ -f ${VARDIR}/zones ]; then
|
|
||||||
echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
|
|
||||||
echo
|
echo
|
||||||
while read zone type hosts; do
|
cat /proc/net/ip_conntrack
|
||||||
echo "$zone ($type)"
|
;;
|
||||||
for host in $hosts; do
|
nat)
|
||||||
echo " $host"
|
[ $# -gt 1 ] && usage 1
|
||||||
done
|
echo "Shorewall-$version NAT Table at $HOSTNAME - $(date)"
|
||||||
done < ${VARDIR}/zones
|
|
||||||
echo
|
echo
|
||||||
else
|
show_reset
|
||||||
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
$IPTABLES -t nat -L $IPT_OPTIONS
|
||||||
exit 1
|
;;
|
||||||
fi
|
tos|mangle)
|
||||||
;;
|
[ $# -gt 1 ] && usage 1
|
||||||
capabilities)
|
echo "Shorewall-$version Mangle Table at $HOSTNAME - $(date)"
|
||||||
[ $# -gt 1 ] && usage 1
|
echo
|
||||||
determine_capabilities
|
show_reset
|
||||||
VERBOSE=2
|
$IPTABLES -t mangle -L $IPT_OPTIONS
|
||||||
report_capabilities
|
;;
|
||||||
;;
|
log)
|
||||||
actions)
|
[ $# -gt 1 ] && usage 1
|
||||||
[ $# -gt 1 ] && usage 1
|
echo "Shorewall-$version Log at $HOSTNAME - $(date)"
|
||||||
echo "allowBcast # Silently Allow Broadcast/multicast"
|
echo
|
||||||
echo "dropBcast # Silently Drop Broadcast/multicast"
|
show_reset
|
||||||
echo "dropNotSyn # Silently Drop Non-syn TCP packets"
|
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||||
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
packet_log 20
|
||||||
echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state"
|
;;
|
||||||
echo "allowInvalid # Accept packets that are in the INVALID conntrack state."
|
tc)
|
||||||
echo "allowoutUPnP # Allow traffic from local command 'upnpd'"
|
[ $# -gt 1 ] && usage 1
|
||||||
echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic"
|
echo "Shorewall-$version Traffic Control at $HOSTNAME - $(date)"
|
||||||
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
echo
|
||||||
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
|
show_tc
|
||||||
;;
|
;;
|
||||||
macros)
|
classifiers)
|
||||||
[ $# -gt 1 ] && usage 1
|
[ $# -gt 1 ] && usage 1
|
||||||
for macro in ${SHAREDIR}/macro.*; do
|
echo "Shorewall-$version Clasifiers at $HOSTNAME - $(date)"
|
||||||
foo=`grep 'This macro' $macro | head -n 1`
|
echo
|
||||||
if [ -n "$foo" ]; then
|
show_classifiers
|
||||||
macro=${macro#*.}
|
;;
|
||||||
foo=${foo%.*}
|
zones)
|
||||||
echo " $macro ${foo#\#}" | sed 's/This macro //'
|
[ $# -gt 1 ] && usage 1
|
||||||
|
if [ -f ${VARDIR}/zones ]; then
|
||||||
|
echo "Shorewall-$version Zones at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
while read zone type hosts; do
|
||||||
|
echo "$zone ($type)"
|
||||||
|
for host in $hosts; do
|
||||||
|
echo " $host"
|
||||||
|
done
|
||||||
|
done < ${VARDIR}/zones
|
||||||
|
echo
|
||||||
|
else
|
||||||
|
echo " ERROR: ${VARDIR}/zones does not exist" >&2
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
;;
|
||||||
;;
|
capabilities)
|
||||||
*)
|
[ $# -gt 1 ] && usage 1
|
||||||
echo "Shorewall-$version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
determine_capabilities
|
||||||
echo
|
VERBOSE=2
|
||||||
show_reset
|
report_capabilities
|
||||||
if [ $# -gt 0 ]; then
|
;;
|
||||||
for chain in $*; do
|
actions)
|
||||||
$IPTABLES -L $chain $IPT_OPTIONS
|
[ $# -gt 1 ] && usage 1
|
||||||
|
echo "allowBcast # Silently Allow Broadcast/multicast"
|
||||||
|
echo "dropBcast # Silently Drop Broadcast/multicast"
|
||||||
|
echo "dropNotSyn # Silently Drop Non-syn TCP packets"
|
||||||
|
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
||||||
|
echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state"
|
||||||
|
echo "allowInvalid # Accept packets that are in the INVALID conntrack state."
|
||||||
|
echo "allowoutUPnP # Allow traffic from local command 'upnpd'"
|
||||||
|
echo "allowinUPnP # Allow UPnP inbound (to firewall) traffic"
|
||||||
|
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
||||||
|
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
|
||||||
|
;;
|
||||||
|
macros)
|
||||||
|
[ $# -gt 1 ] && usage 1
|
||||||
|
for macro in ${SHAREDIR}/macro.*; do
|
||||||
|
foo=`grep 'This macro' $macro | head -n 1`
|
||||||
|
if [ -n "$foo" ]; then
|
||||||
|
macro=${macro#*.}
|
||||||
|
foo=${foo%.*}
|
||||||
|
echo " $macro ${foo#\#}" | sed 's/This macro //'
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
else
|
;;
|
||||||
$IPTABLES -L $IPT_OPTIONS
|
config)
|
||||||
fi
|
. ${SHAREDIR}/configpath
|
||||||
;;
|
echo "Default CONFIG_PATH is $CONFIG_PATH"
|
||||||
|
echo "LITEDIR is $LITEDIR"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Shorewall-$version $([ $# -gt 0 ] && echo Chains || echo Chain) $* at $HOSTNAME - $(date)"
|
||||||
|
echo
|
||||||
|
show_reset
|
||||||
|
if [ $# -gt 0 ]; then
|
||||||
|
for chain in $*; do
|
||||||
|
$IPTABLES -L $chain $IPT_OPTIONS
|
||||||
|
done
|
||||||
|
else
|
||||||
|
$IPTABLES -L $IPT_OPTIONS
|
||||||
|
fi
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@ -1347,7 +1352,7 @@ usage() # $1 = exit status
|
|||||||
echo " restart [ -n ] [ <directory> ]"
|
echo " restart [ -n ] [ <directory> ]"
|
||||||
echo " restore [ -n ] [ <file name> ]"
|
echo " restore [ -n ] [ <file name> ]"
|
||||||
echo " save [ <file name> ]"
|
echo " save [ <file name> ]"
|
||||||
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
|
echo " show [ -x ] [ -m ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|log|macros|mangle|nat|tc|zones]"
|
||||||
echo " start [ -f ] [ -n ] [ <directory> ]"
|
echo " start [ -f ] [ -n ] [ <directory> ]"
|
||||||
echo " stop"
|
echo " stop"
|
||||||
echo " status"
|
echo " status"
|
||||||
|
@ -339,7 +339,8 @@ MODULESDIR=
|
|||||||
# to the front of this list.
|
# to the front of this list.
|
||||||
#
|
#
|
||||||
# If not specified or specified as null ("CONFIG_PATH=""),
|
# If not specified or specified as null ("CONFIG_PATH=""),
|
||||||
# CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
|
# the default is distribution-defined. See the output of "shorewall show
|
||||||
|
# config" to find the default value on your distribution.
|
||||||
#
|
#
|
||||||
|
|
||||||
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
|
||||||
|
@ -247,9 +247,16 @@
|
|||||||
class="directory">/var/lib/shorewall-lite</filename> in packages
|
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||||
from shorewall.net. The package maintainers for the various
|
from shorewall.net. The package maintainers for the various
|
||||||
distributions are free to choose the directory where the script
|
distributions are free to choose the directory where the script
|
||||||
will be stored under their distribution. You can look in your
|
will be stored under their distribution. See the output of
|
||||||
/usr/share/shorewall/configpath file to see what your
|
<command>shorewall[-lite] show config</command> for the value of
|
||||||
distribution defines for the value of LITEDIR.</para>
|
LITEDIR on your distribution.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||||
|
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||||
|
LITEDIR is /var/lib/shorewall-lite
|
||||||
|
gateway:~ #</programlisting>
|
||||||
</note>
|
</note>
|
||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
@ -398,6 +405,23 @@
|
|||||||
<programlisting><command>cd <configuration directory></command>
|
<programlisting><command>cd <configuration directory></command>
|
||||||
<command>/sbin/shorewall compile -e . firewall</command>
|
<command>/sbin/shorewall compile -e . firewall</command>
|
||||||
<command>scp firewall root@<firewall system>:/var/lib/shorewall-lite/</command></programlisting>
|
<command>scp firewall root@<firewall system>:/var/lib/shorewall-lite/</command></programlisting>
|
||||||
|
|
||||||
|
<note>
|
||||||
|
<para>The 'firewall' script is in <filename
|
||||||
|
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||||
|
from shorewall.net. The package maintainers for the various
|
||||||
|
distributions are free to choose the directory where the script
|
||||||
|
will be stored under their distribution. See the output of
|
||||||
|
<command>shorewall[-lite] show config</command> for the value of
|
||||||
|
LITEDIR on your distribution.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||||
|
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||||
|
LITEDIR is /var/lib/shorewall-lite
|
||||||
|
gateway:~ #</programlisting>
|
||||||
|
</note>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -433,10 +457,13 @@
|
|||||||
<programlisting>teastep@wookie:~$ <command>cd Configs/gateway</command>
|
<programlisting>teastep@wookie:~$ <command>cd Configs/gateway</command>
|
||||||
teastep@wookie:~/Configs/gateway$ <command>/sbin/shorewall reload gateway</command>
|
teastep@wookie:~/Configs/gateway$ <command>/sbin/shorewall reload gateway</command>
|
||||||
Compiling...
|
Compiling...
|
||||||
Shorewall configuration compiled to firewall
|
Shorewall configuration compiled to ./firewall
|
||||||
firewall 100% 29KB 29.3KB/s 00:00
|
Copying ./firewall to gateway:/var/lib/shorewall-lite...
|
||||||
|
firewall 100% 67KB 66.7KB/s 00:00
|
||||||
|
Copy complete
|
||||||
Restarting Shorewall Lite....
|
Restarting Shorewall Lite....
|
||||||
done.
|
done.
|
||||||
|
System gateway reloaded
|
||||||
teastep@wookie:~/Configs/gateway$</programlisting>
|
teastep@wookie:~/Configs/gateway$</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>2006-06-12</pubdate>
|
<pubdate>2006-06-17</pubdate>
|
||||||
|
|
||||||
<copyright>
|
<copyright>
|
||||||
<year>2001-2006</year>
|
<year>2001-2006</year>
|
||||||
@ -3058,8 +3058,9 @@ $FW chld ACCEPT</programlisting>
|
|||||||
<filename>/usr/share/shorewall/configpath</filename> are used. As
|
<filename>/usr/share/shorewall/configpath</filename> are used. As
|
||||||
released from shorewall.net, that file sets the CONFIG_PATH to
|
released from shorewall.net, that file sets the CONFIG_PATH to
|
||||||
<emphasis role="bold">/etc/shorewall:/usr/share/shorewall
|
<emphasis role="bold">/etc/shorewall:/usr/share/shorewall
|
||||||
</emphasis>but your particular distribution may set it
|
</emphasis>but your particular distribution may set it differently.
|
||||||
differently.</para>
|
See the output of <command>shorewall show config</command> for the
|
||||||
|
default on your system.</para>
|
||||||
|
|
||||||
<para>Note that the setting in
|
<para>Note that the setting in
|
||||||
<filename>/usr/share/shorewall/configpath</filename> is always used
|
<filename>/usr/share/shorewall/configpath</filename> is always used
|
||||||
|
@ -166,6 +166,23 @@
|
|||||||
firewall program. The program is generated using the
|
firewall program. The program is generated using the
|
||||||
<command>shorewall compile -e</command> command on a system with the
|
<command>shorewall compile -e</command> command on a system with the
|
||||||
full Shorewall product installed.</para>
|
full Shorewall product installed.</para>
|
||||||
|
|
||||||
|
<note>
|
||||||
|
<para>The 'firewall' script is in <filename
|
||||||
|
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||||
|
from shorewall.net. The package maintainers for the various
|
||||||
|
distributions are free to choose the directory where the script will
|
||||||
|
be stored under their distribution. See the output of
|
||||||
|
<command>shorewall[-lite] show config</command> for the value of
|
||||||
|
LITEDIR on your distribution.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||||
|
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||||
|
LITEDIR is /var/lib/shorewall-lite
|
||||||
|
gateway:~ #</programlisting>
|
||||||
|
</note>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -982,9 +999,16 @@
|
|||||||
class="directory">/var/lib/shorewall-lite</filename> in packages
|
class="directory">/var/lib/shorewall-lite</filename> in packages
|
||||||
from shorewall.net. The package maintainers for the various
|
from shorewall.net. The package maintainers for the various
|
||||||
distributions are free to choose the directory where the script
|
distributions are free to choose the directory where the script
|
||||||
will be stored under their distribution. You can look in your
|
will be stored under their distribution. See the output of
|
||||||
/usr/share/shorewall/configpath file to see what your distribution
|
<command>shorewall[-lite] show config</command> for the value of
|
||||||
defines for the value of LITEDIR.</para>
|
LITEDIR on your distribution.</para>
|
||||||
|
|
||||||
|
<para>Example:</para>
|
||||||
|
|
||||||
|
<programlisting>gateway:~ # <command>shorewall-lite show config</command>
|
||||||
|
Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite
|
||||||
|
LITEDIR is /var/lib/shorewall-lite
|
||||||
|
gateway:~ #</programlisting>
|
||||||
</note>
|
</note>
|
||||||
|
|
||||||
<para>Example: <command>shorewall reload gateway</command></para>
|
<para>Example: <command>shorewall reload gateway</command></para>
|
||||||
@ -1128,6 +1152,9 @@
|
|||||||
displays information about the traffic control/shaping
|
displays information about the traffic control/shaping
|
||||||
classifiers.</para>
|
classifiers.</para>
|
||||||
|
|
||||||
|
<para><command>shorewall[-lite] show config</command> - displays the
|
||||||
|
default CONFIG_PATH and LITEDIR for your distribution.</para>
|
||||||
|
|
||||||
<para><command>shorewall [ -x ] show macros (Not supported by
|
<para><command>shorewall [ -x ] show macros (Not supported by
|
||||||
Shorewall Lite)</command> — produces a list of macros available on
|
Shorewall Lite)</command> — produces a list of macros available on
|
||||||
the system.</para>
|
the system.</para>
|
||||||
|
Loading…
Reference in New Issue
Block a user