From 2c8e41465ee3e4ee8fe5048df3265c7b10ee3b91 Mon Sep 17 00:00:00 2001
From: Indrajit Raychaudhuri <irc@indrajit.com>
Date: Mon, 18 Dec 2023 02:45:12 -0600
Subject: firewall: T5834: Rename 'enable-default-log' to 'default-log'

Rename chain level defaults log option from `enable-default-log` to
`default-log` for consistency.

(cherry picked from commit 245e758aa2ea8779186d0c92d79d33170d036992)
---
 interface-definitions/firewall.xml.in              |  2 +-
 .../include/firewall/bridge-custom-name.xml.i      |  4 ++--
 .../include/firewall/bridge-hook-forward.xml.i     |  3 ++-
 .../include/firewall/default-log.xml.i             |  8 ++++++++
 .../include/firewall/enable-default-log.xml.i      |  8 --------
 .../include/firewall/ipv4-custom-name.xml.i        |  4 ++--
 .../include/firewall/ipv4-hook-forward.xml.i       |  4 ++--
 .../include/firewall/ipv4-hook-input.xml.i         |  4 ++--
 .../include/firewall/ipv4-hook-output.xml.i        |  4 ++--
 .../include/firewall/ipv6-custom-name.xml.i        |  4 ++--
 .../include/firewall/ipv6-hook-forward.xml.i       |  4 ++--
 .../include/firewall/ipv6-hook-input.xml.i         |  4 ++--
 .../include/firewall/ipv6-hook-output.xml.i        |  4 ++--
 interface-definitions/policy-route.xml.in          |  4 ++--
 python/vyos/template.py                            |  2 +-
 smoketest/scripts/cli/test_firewall.py             | 23 +++++++++++-----------
 16 files changed, 44 insertions(+), 42 deletions(-)
 create mode 100644 interface-definitions/include/firewall/default-log.xml.i
 delete mode 100644 interface-definitions/include/firewall/enable-default-log.xml.i

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 70afdc995..a4023058f 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -368,7 +368,7 @@
         </properties>
         <children>
           #include <include/generic-description.xml.i>
-          #include <include/firewall/enable-default-log.xml.i>
+          #include <include/firewall/default-log.xml.i>
           <leafNode name="default-action">
             <properties>
               <help>Default-action for traffic coming into this zone</help>
diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index a85fd5a19..654493c0e 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -8,7 +8,7 @@
   </properties>
   <children>
     #include <include/firewall/default-action.xml.i>
-    #include <include/firewall/enable-default-log.xml.i>
+    #include <include/firewall/default-log.xml.i>
     #include <include/generic-description.xml.i>
     <leafNode name="default-jump-target">
       <properties>
@@ -36,4 +36,4 @@
     </tagNode>
   </children>
 </tagNode>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index 23d757070..99f66ec77 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -10,6 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -31,4 +32,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i
new file mode 100644
index 000000000..dceacdb89
--- /dev/null
+++ b/interface-definitions/include/firewall/default-log.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from firewall/default-log.xml.i -->
+<leafNode name="default-log">
+  <properties>
+    <help>Log packets hitting default-action</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
deleted file mode 100644
index 0efd8341b..000000000
--- a/interface-definitions/include/firewall/enable-default-log.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from firewall/enable-default-log.xml.i -->
-<leafNode name="enable-default-log">
-  <properties>
-    <help>Log packets hitting default-action</help>
-    <valueless/>
-  </properties>
-</leafNode>
-<!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
index c6420fe1f..8199d15fe 100644
--- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
@@ -8,7 +8,7 @@
   </properties>
   <children>
     #include <include/firewall/default-action.xml.i>
-    #include <include/firewall/enable-default-log.xml.i>
+    #include <include/firewall/default-log.xml.i>
     #include <include/generic-description.xml.i>
     <leafNode name="default-jump-target">
       <properties>
@@ -39,4 +39,4 @@
     </tagNode>
   </children>
 </tagNode>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 100f1c3d9..de2c70482 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -10,7 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
-        #include <include/firewall/enable-default-log.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -36,4 +36,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
index 22546640b..5d32657ea 100644
--- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -10,7 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
-        #include <include/firewall/enable-default-log.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -33,4 +33,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
index 80c30cdeb..2b537ce5e 100644
--- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
@@ -10,7 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
-        #include <include/firewall/enable-default-log.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -33,4 +33,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
index 2cc45a60c..5748b3927 100644
--- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
@@ -8,7 +8,7 @@
   </properties>
   <children>
     #include <include/firewall/default-action.xml.i>
-    #include <include/firewall/enable-default-log.xml.i>
+    #include <include/firewall/default-log.xml.i>
     #include <include/generic-description.xml.i>
     <leafNode name="default-jump-target">
       <properties>
@@ -39,4 +39,4 @@
     </tagNode>
   </children>
 </tagNode>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index fb38267eb..b53f09f59 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -10,7 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
-        #include <include/firewall/enable-default-log.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -36,4 +36,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
index 49d4493cc..493611fb1 100644
--- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -10,7 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
-        #include <include/firewall/enable-default-log.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -33,4 +33,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
index 452b9027f..ffe1c72b8 100644
--- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
@@ -10,7 +10,7 @@
       </properties>
       <children>
         #include <include/firewall/default-action-base-chains.xml.i>
-        #include <include/firewall/enable-default-log.xml.i>
+        #include <include/firewall/default-log.xml.i>
         #include <include/generic-description.xml.i>
         <tagNode name="rule">
           <properties>
@@ -33,4 +33,4 @@
     </node>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index d4ec75786..92e7a0cb4 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -12,7 +12,7 @@
         </properties>
         <children>
           #include <include/generic-description.xml.i>
-          #include <include/firewall/enable-default-log.xml.i>
+          #include <include/firewall/default-log.xml.i>
           #include <include/generic-interface-multi-wildcard.xml.i>
           <tagNode name="rule">
             <properties>
@@ -67,7 +67,7 @@
         </properties>
         <children>
           #include <include/generic-description.xml.i>
-          #include <include/firewall/enable-default-log.xml.i>
+          #include <include/firewall/default-log.xml.i>
           #include <include/generic-interface-multi-wildcard.xml.i>
           <tagNode name="rule">
             <properties>
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 119ea54d6..b65386654 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -579,7 +579,7 @@ def nft_default_rule(fw_conf, fw_name, ipv6=False):
     default_action = fw_conf['default_action']
     family = 'ipv6' if ipv6 else 'ipv4'
 
-    if 'enable_default_log' in fw_conf:
+    if 'default_log' in fw_conf:
         action_suffix = default_action[:1].upper()
         output.append(f'log prefix "[{family}-{fw_name[:19]}-default-{action_suffix}]"')
 
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 980b50556..a3885158b 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -209,7 +209,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         conn_mark = '555'
 
         self.cli_set(['firewall', 'ipv4', 'name', name, 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv4', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv4', 'name', name, 'default-log'])
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'action', 'accept'])
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'source', 'address', '172.16.20.10'])
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'destination', 'address', '172.16.10.10'])
@@ -226,7 +226,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '2', 'ttl', 'gt', '102'])
 
         self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'default-log'])
         self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '3', 'action', 'accept'])
         self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '3', 'protocol', 'tcp'])
         self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '3', 'destination', 'port', '22'])
@@ -250,7 +250,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '6', 'connection-mark', conn_mark])
 
         self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'default-log'])
         self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'rule', '5', 'action', 'drop'])
         self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'rule', '5', 'protocol', 'gre'])
         self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'rule', '5', 'outbound-interface', 'name', interface_inv])
@@ -291,7 +291,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         interface = 'eth0'
 
         self.cli_set(['firewall', 'ipv4', 'name', name, 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv4', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv4', 'name', name, 'default-log'])
 
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '6', 'action', 'accept'])
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '6', 'packet-length', '64'])
@@ -353,7 +353,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'group', 'address-group', 'mask_group', 'address', '1.1.1.1'])
 
         self.cli_set(['firewall', 'ipv4', 'name', name, 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv4', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv4', 'name', name, 'default-log'])
 
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'action', 'drop'])
         self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'destination', 'address', '0.0.1.2'])
@@ -387,7 +387,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'global-options', 'state-policy', 'invalid', 'action', 'drop'])
 
         self.cli_set(['firewall', 'ipv6', 'name', name, 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv6', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv6', 'name', name, 'default-log'])
 
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'action', 'accept'])
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'source', 'address', '2002::1'])
@@ -396,14 +396,14 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'log-options', 'level', 'crit'])
 
         self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'default-action', 'accept'])
-        self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'default-log'])
         self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'action', 'reject'])
         self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'protocol', 'tcp_udp'])
         self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'destination', 'port', '8888'])
         self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'inbound-interface', 'name', interface])
 
         self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'default-log'])
         self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'rule', '3', 'action', 'return'])
         self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'rule', '3', 'protocol', 'gre'])
         self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'rule', '3', 'outbound-interface', 'name', interface])
@@ -446,7 +446,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         interface = 'eth0'
 
         self.cli_set(['firewall', 'ipv6', 'name', name, 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv6', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv6', 'name', name, 'default-log'])
 
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '3', 'action', 'accept'])
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '3', 'packet-length', '65'])
@@ -489,7 +489,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'group', 'ipv6-address-group', 'mask_group', 'address', '::beef'])
 
         self.cli_set(['firewall', 'ipv6', 'name', name, 'default-action', 'drop'])
-        self.cli_set(['firewall', 'ipv6', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'ipv6', 'name', name, 'default-log'])
 
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'action', 'drop'])
         self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'destination', 'address', '::1111:2222:3333:4444'])
@@ -569,7 +569,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         vlan_prior = '3'
 
         self.cli_set(['firewall', 'bridge', 'name', name, 'default-action', 'accept'])
-        self.cli_set(['firewall', 'bridge', 'name', name, 'enable-default-log'])
+        self.cli_set(['firewall', 'bridge', 'name', name, 'default-log'])
         self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'action', 'accept'])
         self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'source', 'mac-address', mac_address])
         self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'inbound-interface', 'name', interface_in])
@@ -577,6 +577,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'log-options', 'level', 'crit'])
 
         self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'default-action', 'drop'])
+        self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'default-log'])
         self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '1', 'action', 'accept'])
         self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '1', 'vlan', 'id', vlan_id])
         self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '2', 'action', 'jump'])
-- 
cgit v1.2.3