On 10/1/10 11:27 AM, Mr Dash Four wrote:
>
>> I don't want to create a new filter language and embed it in Shorewall
>> (sed, awk, perl, ... are enough) but what I can do is support an
>> /etc/shorewall/scfilter script. If present and executable, Shorewall
>> (Shorewall6, Shorewall-lite,...) will pipe each connection through the
>> script.
>>
>> I've prototyped it with the following trivial /etc/shorewall/scfilter file:
>>
>> #!/bin/sh
>> sed 's/secmark=0 //'
>>
> That is the same as 'shorewall show connections | scfilter' so I fail to
> see what it is exactly that you are 'supporting'?
>
> My idea was more to do with inclusion as well as presenting what is
> captured. A simple example:
>
> If I have a connection with '431959 ESTABLISHED src=10.1.2.7
> dst=10.1.1.3' (4 fields shown - ttl: without explicitly named;
> connection status: without explicitly named; source ip; and destination ip)
>
> I could use a configuration option in shorewall.conf, say,
> CONNECTIONS_DISPLAY_FORMAT=[src,Source IP,%17s,10\.1\.2\.7,red,normal]
> [dst,Destination IP,%17s,,,normal] [_status,Connection
> Status,%s,ESTABLISHED,red,normal] [_ttl,TTL,%8u,,,normal]
>
> Each element may be defined with '[' and ']' and in between the format
> could be '[' {field_name} ',' {field_display_name} ','
> {field_formatting_printf_style} ',' {highlight_regex} ','
> {highlight_colour} ',' {regular_colour} ']'
>
> If field definition is omitted that field is not displayed. So,
> Shorewall on startup parses the above option and stores it.
>
> When I execute 'shorewall show connections' each line is parsed, values
> for each defined field extracted and formatted according to
> CONNECTIONS_DISPLAY_FORMAT. There could be another option, say,
> CONNECTIONS_DISPLAY_HEADER=Yes/No with which to display a header line
> first (the value of 'field_display_name' for each defined element) and
> then show only the values of each element, appropriately formatted.
>
> If the value of 'highlight_regex' matches that of the retrieved value
> use the highlight colour, otherwise use the 'normal' colour (it that way
> I could define and see multiple matches). Not very complicated is it?I have absolutely no interest in writing, documenting or supporting such a thing. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
