T6723: firewall: extend op-mode commands <show firewall ..> and a <sh…
…ow log firewall ..> in order to match all chains/priorities
nicolas-fort committed Sep 18, 2024
1 parent 4d5cba6 commit 38511df
Showing 2 changed files with 345 additions and 0 deletions.
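--- a/op-mode-definitions/firewall.xml.in
+++ b/op-mode-definitions/firewall.xml.in
@@ -98,6 +98,138 @@
 </node>
 </children>
 </node>
+<node name="input">
+<properties>
+<help>Show bridge input firewall ruleset</help>
+</properties>
+<children>
+<node name="filter">
+<properties>
+<help>Show bridge input filter firewall ruleset</help>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of bridge input filter firewall rules</help>
+<completionHelp>
+<path>firewall bridge input filter detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+</leafNode>
+<tagNode name="rule">
+<properties>
+<help>Show summary of bridge input filter firewall rules</help>
+<completionHelp>
+<path>firewall bridge input filter rule</path>
+</completionHelp>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of specific bridge input filter firewall rule</help>
+<completionHelp>
+<path>firewall bridge input filter detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+</leafNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+</tagNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+</node>
+</children>
+</node>
+<node name="output">
+<properties>
+<help>Show bridge output firewall ruleset</help>
+</properties>
+<children>
+<node name="filter">
+<properties>
+<help>Show bridge output filter firewall ruleset</help>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of bridge output filter firewall rules</help>
+<completionHelp>
+<path>firewall bridge output filter detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+</leafNode>
+<tagNode name="rule">
+<properties>
+<help>Show summary of bridge output filter firewall rules</help>
+<completionHelp>
+<path>firewall bridge output filter rule</path>
+</completionHelp>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of specific bridge output filter firewall rule</help>
+<completionHelp>
+<path>firewall bridge output filter detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+</leafNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+</tagNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+</node>
+</children>
+</node>
+<node name="prerouting">
+<properties>
+<help>Show bridge prerouting firewall ruleset</help>
+</properties>
+<children>
+<node name="filter">
+<properties>
+<help>Show bridge prerouting filter firewall ruleset</help>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of bridge prerouting filter firewall rules</help>
+<completionHelp>
+<path>firewall bridge prerouting filter detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+</leafNode>
+<tagNode name="rule">
+<properties>
+<help>Show summary of bridge prerouting filter firewall rules</help>
+<completionHelp>
+<path>firewall bridge prerouting filter rule</path>
+</completionHelp>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of specific bridge prerouting filter firewall rule</help>
+<completionHelp>
+<path>firewall bridge prerouting filter detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+</leafNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+</tagNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+</node>
+</children>
+</node>
 <tagNode name="name">
 <properties>
 <help>Show bridge custom firewall chains</help>
@@ -278,6 +410,50 @@
 </node>
 </children>
 </node>
+<node name="prerouting">
+<properties>
+<help>Show IPv6 prerouting firewall ruleset</help>
+</properties>
+<children>
+<node name="raw">
+<properties>
+<help>Show IPv6 prerouting raw firewall ruleset</help>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of IPv6 prerouting raw firewall ruleset</help>
+<completionHelp>
+<path>firewall ipv6 prerouting raw detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+</leafNode>
+<tagNode name="rule">
+<properties>
+<help>Show summary of IPv6 prerouting raw firewall rules</help>
+<completionHelp>
+<path>firewall ipv6 prerouting raw rule</path>
+</completionHelp>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of IPv6 prerouting raw firewall rules</help>
+<completionHelp>
+<path>firewall ipv6 prerouting raw rule detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+</leafNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+</tagNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+</node>
+</children>
+</node>
 <tagNode name="name">
 <properties>
 <help>Show IPv6 custom firewall chains</help>
@@ -458,6 +634,50 @@
 </node>
 </children>
 </node>
+<node name="prerouting">
+<properties>
+<help>Show IPv4 prerouting firewall ruleset</help>
+</properties>
+<children>
+<node name="raw">
+<properties>
+<help>Show IPv4 prerouting raw firewall ruleset</help>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of IPv4 prerouting raw firewall ruleset</help>
+<completionHelp>
+<path>firewall ipv4 prerouting raw detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+</leafNode>
+<tagNode name="rule">
+<properties>
+<help>Show summary of IPv4 prerouting raw firewall rules</help>
+<completionHelp>
+<path>firewall ipv4 prerouting raw rule</path>
+</completionHelp>
+</properties>
+<children>
+<leafNode name="detail">
+<properties>
+<help>Show list view of IPv4 prerouting raw firewall rules</help>
+<completionHelp>
+<path>firewall ipv4 prerouting raw rule detail</path>
+</completionHelp>
+</properties>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+</leafNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+</tagNode>
+</children>
+<command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+</node>
+</children>
+</node>
 <tagNode name="name">
 <properties>
 <help>Show IPv4 custom firewall chains</help>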
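Review bot: Every added `rule` tagNode hands the operator-typed rule value to a sudo-invoked script unquoted (`--rule $7` in the bridge input/output/prerouting blocks and in the ipv4/ipv6 prerouting raw blocks), and no constraint on that tagNode is visible in these hunks. Assuming the op-mode wrapper expands positionals the way a shell does, a value containing whitespace or starting with `-` would be split or parsed as a different option by `firewall.py` running as root; quoting it as `--rule "$7"` and having the script reject non-numeric rule ids (if it does not already) keeps the argument a single rule number. Separately, the section header records a mode change from 100644 to 100755 on this XML definition file, which looks unintended, and the same change appears on show-log.xml.in. The nested `detail` completion paths in the three bridge blocks read `firewall bridge ... filter detail`, while the ipv4/ipv6 blocks use `... raw rule detail`; one of the two is probably a copy-paste slip.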
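--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -172,6 +172,81 @@
 </node>
 </children>
 </node>
+<node name="input">
+<properties>
+<help>Show Bridge input firewall log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep bri-INP</command>
+<children>
+<node name="filter">
+<properties>
+<help>Show Bridge firewall input filter</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep bri-INP-filter</command>
+<children>
+<tagNode name="rule">
+<properties>
+<help>Show log for a rule in the specified firewall</help>
+<completionHelp>
+<path>firewall bridge input filter rule</path>
+</completionHelp>
+</properties>
+<command>journalctl --no-hostname --boot -k | egrep "\[bri-INP-filter-$8-[ADRJC]\]"</command>
+</tagNode>
+</children>
+</node>
+</children>
+</node>
+<node name="output">
+<properties>
+<help>Show Bridge output firewall log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep bri-OUT</command>
+<children>
+<node name="filter">
+<properties>
+<help>Show Bridge firewall output filter</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep bri-OUT-filter</command>
+<children>
+<tagNode name="rule">
+<properties>
+<help>Show log for a rule in the specified firewall</help>
+<completionHelp>
+<path>firewall bridge output filter rule</path>
+</completionHelp>
+</properties>
+<command>journalctl --no-hostname --boot -k | egrep "\[bri-OUT-filter-$8-[ADRJC]\]"</command>
+</tagNode>
+</children>
+</node>
+</children>
+</node>
+<node name="prerouting">
+<properties>
+<help>Show Bridge prerouting firewall log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep bri-PRE</command>
+<children>
+<node name="filter">
+<properties>
+<help>Show Bridge firewall prerouting filter</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep bri-PRE-filter</command>
+<children>
+<tagNode name="rule">
+<properties>
+<help>Show log for a rule in the specified firewall</help>
+<completionHelp>
+<path>firewall bridge prerouting filter rule</path>
+</completionHelp>
+</properties>
+<command>journalctl --no-hostname --boot -k | egrep "\[bri-PRE-filter-$8-[ADRJC]\]"</command>
+</tagNode>
+</children>
+</node>
+</children>
+</node>
 <tagNode name="name">
 <properties>
 <help>Show custom Bridge firewall log</help>
@@ -295,6 +370,31 @@
 </node>
 </children>
 </node>
+<node name="prerouting">
+<properties>
+<help>Show firewall IPv4 prerouting log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep ipv4-PRE</command>
+<children>
+<node name="raw">
+<properties>
+<help>Show firewall IPv4 prerouting raw log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep ipv4-PRE-raw</command>
+<children>
+<tagNode name="rule">
+<properties>
+<help>Show log for a rule in the specified firewall</help>
+<completionHelp>
+<path>firewall ipv4 prerouting raw rule</path>
+</completionHelp>
+</properties>
+<command>journalctl --no-hostname --boot -k | egrep "\[ipv4-PRE-raw-$8-[ADRJC]\]"</command>
+</tagNode>
+</children>
+</node>
+</children>
+</node>
 </children>
 </node>
 <node name="ipv6">
@@ -398,6 +498,31 @@
 </node>
 </children>
 </node>
+<node name="prerouting">
+<properties>
+<help>Show firewall IPv6 prerouting log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep ipv6-PRE</command>
+<children>
+<node name="raw">
+<properties>
+<help>Show firewall IPv6 prerouting raw log</help>
+</properties>
+<command>journalctl --no-hostname --boot -k | grep ipv6-PRE-raw</command>
+<children>
+<tagNode name="rule">
+<properties>
+<help>Show log for a rule in the specified firewall</help>
+<completionHelp>
+<path>firewall ipv6 prerouting raw rule</path>
+</completionHelp>
+</properties>
+<command>journalctl --no-hostname --boot -k | egrep "\[ipv6-PRE-raw-$8-[ADRJC]\]"</command>
+</tagNode>
+</children>
+</node>
+</children>
+</node>
 </children>
 </node>
 </children>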
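Review bot: The added `rule` tagNodes interpolate the operator-typed value straight into an extended regex (`egrep "\[bri-INP-filter-$8-[ADRJC]\]"`, and likewise for bri-OUT, bri-PRE, ipv4-PRE-raw and ipv6-PRE-raw), so a value containing regex metacharacters widens or breaks the match instead of selecting one rule's log lines. Nothing visible in these hunks restricts the value to a rule number; checking that it is numeric before the pipeline runs would keep the filter exact. `egrep` is also marked obsolescent in current GNU grep, so the portable spelling is `journalctl --no-hostname --boot -k | grep -E "\[bri-INP-filter-$8-[ADRJC]\]"`. The parent nodes use an unanchored substring match (`grep bri-INP`), which matches that text anywhere in a kernel log line, not only in the firewall log prefix.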
