Hello, Is it possible that in the output of ''shorewall show chainname'' be extended with a description per line? Now all is lan adapter and IP based and therefore not immediatly clear what it is about. It would be nice if I could add a description per line. Is it clear what I mean? -- Groeten, Peter -- Who''s General Failure & why''s he reading my disk? --- --- Heb je een Dreambox 7000S ? --- Kijk eens op http://www.dreamvcr.com --- Kijk ook op http://www.lindeman.org --- ICQ 22383596 --- Uptime lindeman.org - 1 days, 2 hours and 8 minutes, 1 user logged in.
On Friday 09 January 2004 03:17 pm, Peter Lindeman wrote:> Hello, > > Is it possible that in the output of ''shorewall show chainname'' be > extended with a description per line? Now all is lan adapter and IP > based and therefore not immediatly clear what it is about. It would be > nice if I could add a description per line. Is it clear what I mean? >Sorry, no it isn''t... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep schreef:>>Is it possible that in the output of ''shorewall show chainname'' be >>extended with a description per line? Now all is lan adapter and IP >>based and therefore not immediatly clear what it is about. It would be >>nice if I could add a description per line. Is it clear what I mean? >> > > Sorry, no it isn''t...Ok, I will try to explain by an example ;-) I have an accounting chain dreamlocal here which output like this : Chain dreamlocal (4 references) pkts bytes target prot opt in out source destination 5138 506K tcp -- eth1 * 192.168.0.100 0.0.0.0/0 tcp dpt:1500 4867 308K tcp -- * eth1 0.0.0.0/0 192.168.0.100 tcp spt:1500 3207 295K tcp -- eth1 * 192.168.0.101 0.0.0.0/0 tcp dpt:1500 2873 185K tcp -- * eth1 0.0.0.0/0 192.168.0.101 tcp spt:1500 16085 1294K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 It would be nice if a comment could be added at the end of a line like this : Chain dreamlocal (4 references) pkts bytes target prot opt in out source destination 5138 506K tcp -- eth1 * 192.168.0.100 0.0.0.0/0 tcp dpt:1500 # Accounting for Dreamer of Pli incoming 4867 308K tcp -- * eth1 0.0.0.0/0 192.168.0.100 tcp spt:1500 # Accounting for Dreamer of Pli outgoing 3207 295K tcp -- eth1 * 192.168.0.101 0.0.0.0/0 tcp dpt:1500 # Another incoming dreamer 2873 185K tcp -- * eth1 0.0.0.0/0 192.168.0.101 tcp spt:1500 # Another outcoming dreamer 16085 1294K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 # This is the total of all dreamers It would be nice if such a comment could be appended and configured in /etc/accounting Then it is much more clear for the admin what an accounting rule is about. I hope now it is clear what I mean ;-) -- Groeten, Peter -- OH, SH*T! (as they scrabble at the keyboard for ^c). --- --- Heb je een Dreambox 7000S ? --- Kijk eens op http://www.dreamvcr.com --- Kijk ook op http://www.lindeman.org --- ICQ 22383596 --- Uptime lindeman.org - 1 days, 2 hours and 20 minutes, 1 user logged in.
On Friday 09 January 2004 03:30 pm, Peter Lindeman wrote:> > It would be nice if a comment could be added at the end of a line like > this : > > Chain dreamlocal (4 references) > pkts bytes target prot opt in out source > destination > 5138 506K tcp -- eth1 * 192.168.0.100 > 0.0.0.0/0 tcp dpt:1500 # Accounting for Dreamer of Pli incoming > 4867 308K tcp -- * eth1 0.0.0.0/0 > 192.168.0.100 tcp spt:1500 # Accounting for Dreamer of Pli outgoing > 3207 295K tcp -- eth1 * 192.168.0.101 > 0.0.0.0/0 tcp dpt:1500 # Another incoming dreamer > 2873 185K tcp -- * eth1 0.0.0.0/0 > 192.168.0.101 tcp spt:1500 # Another outcoming dreamer > 16085 1294K RETURN all -- * * 0.0.0.0/0 > 0.0.0.0/0 # This is the total of all dreamers > > It would be nice if such a comment could be appended and configured in > /etc/accounting > > Then it is much more clear for the admin what an accounting rule is > about. I hope now it is clear what I mean ;-) >The above really isn''t feasible given that iptables has no mechanism for attaching arbitrary text to a rule. Sorry, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Friday 09 January 2004 03:33 pm, Tom Eastep wrote:> > > > Then it is much more clear for the admin what an accounting rule is > > about. I hope now it is clear what I mean ;-) > > The above really isn''t feasible given that iptables has no mechanism for > attaching arbitrary text to a rule. >You might want to check the archives for information about integrating shorewall accounting and MRTG; that would give you the ability to customize the counter displays a bit... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep schreef:>>It would be nice if such a comment could be appended and configured in >>/etc/accounting >> >>Then it is much more clear for the admin what an accounting rule is >>about. I hope now it is clear what I mean ;-) >> > > > The above really isn''t feasible given that iptables has no mechanism for > attaching arbitrary text to a rule.Ok, that is clear, I did not know how the screen was build but what I understand from you is that this is output straight from iptables? -- Groeten, Peter -- Cannot load a string. --- --- Heb je een Dreambox 7000S ? --- Kijk eens op http://www.dreamvcr.com --- Kijk ook op http://www.lindeman.org --- ICQ 22383596 --- Uptime lindeman.org - 1 days, 2 hours and 32 minutes, 0 users logged in.
Tom Eastep schreef:>>>Then it is much more clear for the admin what an accounting rule is >>>about. I hope now it is clear what I mean ;-) >> >>The above really isn''t feasible given that iptables has no mechanism for >>attaching arbitrary text to a rule. >> > > You might want to check the archives for information about integrating > shorewall accounting and MRTG; that would give you the ability to customize > the counter displays a bit...I will do, thanks for that tip! -- Groeten, Peter -- WinErr: 013 Unexpected error - Huh ? --- --- Heb je een Dreambox 7000S ? --- Kijk eens op http://www.dreamvcr.com --- Kijk ook op http://www.lindeman.org --- ICQ 22383596 --- Uptime lindeman.org - 1 days, 2 hours and 40 minutes, 0 users logged in.
On Friday 09 January 2004 03:35 pm, Peter Lindeman wrote:> Tom Eastep schreef: > >>It would be nice if such a comment could be appended and configured in > >>/etc/accounting > >> > >>Then it is much more clear for the admin what an accounting rule is > >>about. I hope now it is clear what I mean ;-) > > > > The above really isn''t feasible given that iptables has no mechanism for > > attaching arbitrary text to a rule. > > Ok, that is clear, I did not know how the screen was build but what I > understand from you is that this is output straight from iptables?Yes. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net