Could the output of this be customised (via a configuration file perhaps)? I am currently filtering the output of this to exclude elements I do not need to see (like ''zone'' for example), but it would be nice if I could configure which ''columns'' to show, in what order, to have different names for each ''column'' and, maybe, introduce colour-coding (to highlight the secctx field with a particular value for example). Is that doable? ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
On 10/1/10 2:58 AM, Mr Dash Four wrote:> Could the output of this be customised (via a configuration file perhaps)? > > I am currently filtering the output of this to exclude elements I do not > need to see (like ''zone'' for example), but it would be nice if I could > configure which ''columns'' to show, in what order, to have different > names for each ''column'' and, maybe, introduce colour-coding (to > highlight the secctx field with a particular value for example). Is that > doable?I don''t want to create a new filter language and embed it in Shorewall (sed, awk, perl, ... are enough) but what I can do is support an /etc/shorewall/scfilter script. If present and executable, Shorewall (Shorewall6, Shorewall-lite,...) will pipe each connection through the script. I''ve prototyped it with the following trivial /etc/shorewall/scfilter file: #!/bin/sh sed ''s/secmark=0 //'' That removes the secmark column, which I don''t find interesting. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
> I don''t want to create a new filter language and embed it in Shorewall > (sed, awk, perl, ... are enough) but what I can do is support an > /etc/shorewall/scfilter script. If present and executable, Shorewall > (Shorewall6, Shorewall-lite,...) will pipe each connection through the > script. > > I''ve prototyped it with the following trivial /etc/shorewall/scfilter file: > > #!/bin/sh > sed ''s/secmark=0 //'' >That is the same as ''shorewall show connections | scfilter'' so I fail to see what it is exactly that you are ''supporting''? My idea was more to do with inclusion as well as presenting what is captured. A simple example: If I have a connection with ''431959 ESTABLISHED src=10.1.2.7 dst=10.1.1.3'' (4 fields shown - ttl: without explicitly named; connection status: without explicitly named; source ip; and destination ip) I could use a configuration option in shorewall.conf, say, CONNECTIONS_DISPLAY_FORMAT=[src,Source IP,%17s,10\.1\.2\.7,red,normal] [dst,Destination IP,%17s,,,normal] [_status,Connection Status,%s,ESTABLISHED,red,normal] [_ttl,TTL,%8u,,,normal] Each element may be defined with ''['' and '']'' and in between the format could be ''['' {field_name} '','' {field_display_name} '','' {field_formatting_printf_style} '','' {highlight_regex} '','' {highlight_colour} '','' {regular_colour} '']'' If field definition is omitted that field is not displayed. So, Shorewall on startup parses the above option and stores it. When I execute ''shorewall show connections'' each line is parsed, values for each defined field extracted and formatted according to CONNECTIONS_DISPLAY_FORMAT. There could be another option, say, CONNECTIONS_DISPLAY_HEADER=Yes/No with which to display a header line first (the value of ''field_display_name'' for each defined element) and then show only the values of each element, appropriately formatted. If the value of ''highlight_regex'' matches that of the retrieved value use the highlight colour, otherwise use the ''normal'' colour (it that way I could define and see multiple matches). Not very complicated is it? ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
On 10/1/10 11:27 AM, Mr Dash Four wrote:> >> I don''t want to create a new filter language and embed it in Shorewall >> (sed, awk, perl, ... are enough) but what I can do is support an >> /etc/shorewall/scfilter script. If present and executable, Shorewall >> (Shorewall6, Shorewall-lite,...) will pipe each connection through the >> script. >> >> I''ve prototyped it with the following trivial /etc/shorewall/scfilter file: >> >> #!/bin/sh >> sed ''s/secmark=0 //'' >> > That is the same as ''shorewall show connections | scfilter'' so I fail to > see what it is exactly that you are ''supporting''? > > My idea was more to do with inclusion as well as presenting what is > captured. A simple example: > > If I have a connection with ''431959 ESTABLISHED src=10.1.2.7 > dst=10.1.1.3'' (4 fields shown - ttl: without explicitly named; > connection status: without explicitly named; source ip; and destination ip) > > I could use a configuration option in shorewall.conf, say, > CONNECTIONS_DISPLAY_FORMAT=[src,Source IP,%17s,10\.1\.2\.7,red,normal] > [dst,Destination IP,%17s,,,normal] [_status,Connection > Status,%s,ESTABLISHED,red,normal] [_ttl,TTL,%8u,,,normal] > > Each element may be defined with ''['' and '']'' and in between the format > could be ''['' {field_name} '','' {field_display_name} '','' > {field_formatting_printf_style} '','' {highlight_regex} '','' > {highlight_colour} '','' {regular_colour} '']'' > > If field definition is omitted that field is not displayed. So, > Shorewall on startup parses the above option and stores it. > > When I execute ''shorewall show connections'' each line is parsed, values > for each defined field extracted and formatted according to > CONNECTIONS_DISPLAY_FORMAT. There could be another option, say, > CONNECTIONS_DISPLAY_HEADER=Yes/No with which to display a header line > first (the value of ''field_display_name'' for each defined element) and > then show only the values of each element, appropriately formatted. > > If the value of ''highlight_regex'' matches that of the retrieved value > use the highlight colour, otherwise use the ''normal'' colour (it that way > I could define and see multiple matches). Not very complicated is it?I have absolutely no interest in writing, documenting or supporting such a thing. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
Tom Eastep wrote:> On 10/1/10 11:27 AM, Mr Dash Four wrote: > >>> I don''t want to create a new filter language and embed it in Shorewall >>> (sed, awk, perl, ... are enough) but what I can do is support an >>> /etc/shorewall/scfilter script. If present and executable, Shorewall >>> (Shorewall6, Shorewall-lite,...) will pipe each connection through the >>> script. >>> >>> I''ve prototyped it with the following trivial /etc/shorewall/scfilter file: >>> >>> #!/bin/sh >>> sed ''s/secmark=0 //'' >>> >>> >> That is the same as ''shorewall show connections | scfilter'' so I fail to >> see what it is exactly that you are ''supporting''? >> >> My idea was more to do with inclusion as well as presenting what is >> captured. A simple example: >> >> If I have a connection with ''431959 ESTABLISHED src=10.1.2.7 >> dst=10.1.1.3'' (4 fields shown - ttl: without explicitly named; >> connection status: without explicitly named; source ip; and destination ip) >> >> I could use a configuration option in shorewall.conf, say, >> CONNECTIONS_DISPLAY_FORMAT=[src,Source IP,%17s,10\.1\.2\.7,red,normal] >> [dst,Destination IP,%17s,,,normal] [_status,Connection >> Status,%s,ESTABLISHED,red,normal] [_ttl,TTL,%8u,,,normal] >> >> Each element may be defined with ''['' and '']'' and in between the format >> could be ''['' {field_name} '','' {field_display_name} '','' >> {field_formatting_printf_style} '','' {highlight_regex} '','' >> {highlight_colour} '','' {regular_colour} '']'' >> >> If field definition is omitted that field is not displayed. So, >> Shorewall on startup parses the above option and stores it. >> >> When I execute ''shorewall show connections'' each line is parsed, values >> for each defined field extracted and formatted according to >> CONNECTIONS_DISPLAY_FORMAT. There could be another option, say, >> CONNECTIONS_DISPLAY_HEADER=Yes/No with which to display a header line >> first (the value of ''field_display_name'' for each defined element) and >> then show only the values of each element, appropriately formatted. >> >> If the value of ''highlight_regex'' matches that of the retrieved value >> use the highlight colour, otherwise use the ''normal'' colour (it that way >> I could define and see multiple matches). Not very complicated is it? >> > > I have absolutely no interest in writing, documenting or supporting such > a thing. > > -Tom > >I see you can''t be arsed which is fair enough I suppose. I am at least hopeful that you do introduce support for ''shorewall show connections | scfilter'' in the next beta you release. ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
On 10/01/2010 11:57 AM, Mr Dash Four wrote:>> > I see you can''t be arsed which is fair enough I suppose.I do Shorewall because I enjoy it. I don''t make a cent from Shorewall and, because of the equipment and internet connection requirements, it actually ends up costing me money. So when I implement a new feature, I must have a need and/or an interest in the feature; otherwise, it becomes too much like work :-)> I am at least hopeful that you do introduce support for ''shorewall show > connections | scfilter'' in the next beta you release.It will be there. And I''ve dropped the requirement that the script be executable, given that SELinux would probably frown upon an executable in /etc/shorwall*. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev