> I don't want to create a new filter language and embed it in Shorewall
> (sed, awk, perl, ... are enough) but what I can do is support an
> /etc/shorewall/scfilter script. If present and executable, Shorewall
> (Shorewall6, Shorewall-lite,...) will pipe each connection through the
> script.
>
> I've prototyped it with the following trivial /etc/shorewall/scfilter file:
>
> #!/bin/sh
> sed 's/secmark=0 //'
>
That is the same as 'shorewall show connections | scfilter' so I fail to
see what it is exactly that you are 'supporting'?
My idea was more to do with inclusion as well as presenting what is
captured. A simple example:
If I have a connection with '431959 ESTABLISHED src=10.1.2.7
dst=10.1.1.3' (4 fields shown - ttl: without explicitly named;
connection status: without explicitly named; source ip; and destination ip)
I could use a configuration option in shorewall.conf, say,
CONNECTIONS_DISPLAY_FORMAT=[src,Source IP,%17s,10\.1\.2\.7,red,normal]
[dst,Destination IP,%17s,,,normal] [_status,Connection
Status,%s,ESTABLISHED,red,normal] [_ttl,TTL,%8u,,,normal]
Each element may be defined with '[' and ']' and in between the format
could be '[' {field_name} ',' {field_display_name} ','
{field_formatting_printf_style} ',' {highlight_regex} ','
{highlight_colour} ',' {regular_colour} ']'
If field definition is omitted that field is not displayed. So,
Shorewall on startup parses the above option and stores it.
When I execute 'shorewall show connections' each line is parsed, values
for each defined field extracted and formatted according to
CONNECTIONS_DISPLAY_FORMAT. There could be another option, say,
CONNECTIONS_DISPLAY_HEADER=Yes/No with which to display a header line
first (the value of 'field_display_name' for each defined element) and
then show only the values of each element, appropriately formatted.
If the value of 'highlight_regex' matches that of the retrieved value
use the highlight colour, otherwise use the 'normal' colour (it that way
I could define and see multiple matches). Not very complicated is it?
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
