Tom Eastep wrote:
> On 10/1/10 11:27 AM, Mr Dash Four wrote:
>
>>> I don't want to create a new filter language and embed it in Shorewall
>>> (sed, awk, perl, ... are enough) but what I can do is support an
>>> /etc/shorewall/scfilter script. If present and executable, Shorewall
>>> (Shorewall6, Shorewall-lite,...) will pipe each connection through the
>>> script.
>>>
>>> I've prototyped it with the following trivial /etc/shorewall/scfilter file:
>>>
>>> #!/bin/sh
>>> sed 's/secmark=0 //'
>>>
>>>
>> That is the same as 'shorewall show connections | scfilter' so I fail to
>> see what it is exactly that you are 'supporting'?
>>
>> My idea was more to do with inclusion as well as presenting what is
>> captured. A simple example:
>>
>> If I have a connection with '431959 ESTABLISHED src=10.1.2.7
>> dst=10.1.1.3' (4 fields shown - ttl: without explicitly named;
>> connection status: without explicitly named; source ip; and destination ip)
>>
>> I could use a configuration option in shorewall.conf, say,
>> CONNECTIONS_DISPLAY_FORMAT=[src,Source IP,%17s,10\.1\.2\.7,red,normal]
>> [dst,Destination IP,%17s,,,normal] [_status,Connection
>> Status,%s,ESTABLISHED,red,normal] [_ttl,TTL,%8u,,,normal]
>>
>> Each element may be defined with '[' and ']' and in between the format
>> could be '[' {field_name} ',' {field_display_name} ','
>> {field_formatting_printf_style} ',' {highlight_regex} ','
>> {highlight_colour} ',' {regular_colour} ']'
>>
>> If field definition is omitted that field is not displayed. So,
>> Shorewall on startup parses the above option and stores it.
>>
>> When I execute 'shorewall show connections' each line is parsed, values
>> for each defined field extracted and formatted according to
>> CONNECTIONS_DISPLAY_FORMAT. There could be another option, say,
>> CONNECTIONS_DISPLAY_HEADER=Yes/No with which to display a header line
>> first (the value of 'field_display_name' for each defined element) and
>> then show only the values of each element, appropriately formatted.
>>
>> If the value of 'highlight_regex' matches that of the retrieved value
>> use the highlight colour, otherwise use the 'normal' colour (it that way
>> I could define and see multiple matches). Not very complicated is it?
>>
>
> I have absolutely no interest in writing, documenting or supporting such
> a thing.
>
> -Tom
>
>
I see you can't be arsed which is fair enough I suppose. I am at least
hopeful that you do introduce support for 'shorewall show connections |
scfilter' in the next beta you release.
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
