From 2ec023752bdd400835eb69a8f1f9d2873cef61fa Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 19 Jan 2024 21:01:52 +0100 Subject: firewall: T5729: T5681: T5217: backport subsystem from current branch This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch. --- op-mode-definitions/show-log.xml.in | 264 +++++++++++++++++++++++++++++++++--- 1 file changed, 242 insertions(+), 22 deletions(-) (limited to 'op-mode-definitions') diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 432a21b59..f0525a6b8 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -139,47 +139,267 @@ Show log for Firewall + journalctl --no-hostname --boot -k | egrep "(ipv[46]|bri)-(FWD|INP|OUT|NAM)" - + - Show log for a specified firewall (IPv6) - - firewall ipv6-name - + Show firewall bridge log - cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]" + journalctl --no-hostname --boot -k | egrep "bri-(FWD|INP|OUT|NAM)" - + + + Show Bridge forward firewall log + + journalctl --no-hostname --boot -k | grep bri-FWD + + + + Show Bridge firewall forward filter + + journalctl --no-hostname --boot -k | grep bri-FWD-filter + + + + Show log for a rule in the specified firewall + + firewall bridge forward filter rule + + + journalctl --no-hostname --boot -k | egrep "\[bri-FWD-filter-$8-[ADRJC]\]" + + + + + + - Show log for a rule in the specified firewall + Show custom Bridge firewall log - firewall ipv6-name ${COMP_WORDS[4]} rule + firewall bridge name - cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e "\[$5-$7-[ADR]\]" + journalctl --no-hostname --boot -k | grep bri-NAM-$6 + + + + Show log for a rule in the specified firewall + + firewall bridge name ${COMP_WORDS[5]} rule + + + journalctl --no-hostname --boot -k | egrep "\[bri-NAM-$6-$8-[ADRJC]\]" + + - - + + - Show log for a specified firewall (IPv4) - - firewall name - + Show firewall IPv4 log - cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]" + journalctl --no-hostname --boot -k | egrep "ipv4-(FWD|INP|OUT|NAM)" - + - Show log for a rule in the specified firewall + Show firewall IPv4 forward log + + journalctl --no-hostname --boot -k | grep ipv4-FWD + + + + Show firewall IPv4 forward filter log + + journalctl --no-hostname --boot -k | grep ipv4-FWD-filter + + + + Show log for a rule in the specified firewall + + firewall ipv4 forward filter rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv4-FWD-filter-$8-[ADRJC]\]" + + + + + + + + Show firewall IPv4 input log + + journalctl --no-hostname --boot -k | grep ipv4-INP + + + + Show firewall IPv4 input filter log + + journalctl --no-hostname --boot -k | grep ipv4-INP-filter + + + + Show log for a rule in the specified firewall + + firewall ipv4 input filter rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv4-INP-filter-$8-[ADRJC]\]" + + + + + + + + Show custom IPv4 firewall log - firewall name ${COMP_WORDS[4]} rule + firewall ipv4 name - cat $(printf "%s\n" /var/log/messages* | sort -nr) | egrep "\[$5-$7-[ADR]\]" + journalctl --no-hostname --boot -k | grep ipv4-NAM-$6 + + + + Show log for a rule in the specified firewall + + firewall ipv4 name ${COMP_WORDS[5]} rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv4-NAM-$6-$8-[ADRJC]\]" + + + + + Show firewall IPv4 output log + + journalctl --no-hostname --boot -k | grep ipv4-OUT + + + + Show firewall IPv4 output filter log + + journalctl --no-hostname --boot -k | grep ipv4-OUT-filter + + + + Show log for a rule in the specified firewall + + firewall ipv4 output filter rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv4-OUT-filter-$8-[ADRJC]\]" + + + + + - + + + + Show firewall IPv6 log + + journalctl --no-hostname --boot -k | egrep "ipv6-(FWD|INP|OUT|NAM)" + + + + Show firewall IPv6 forward log + + journalctl --no-hostname --boot -k | grep ipv6-FWD + + + + Show firewall IPv6 forward filter log + + journalctl --no-hostname --boot -k | grep ipv6-FWD-filter + + + + Show log for a rule in the specified firewall + + firewall ipv6 forward filter rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv6-FWD-filter-$8-[ADRJC]\]" + + + + + + + + Show firewall IPv6 input log + + journalctl --no-hostname --boot -k | grep ipv6-INP + + + + Show firewall IPv6 input filter log + + journalctl --no-hostname --boot -k | grep ipv6-INP-filter + + + + Show log for a rule in the specified firewall + + firewall ipv6 input filter rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv6-INP-filter-$8-[ADRJC]\]" + + + + + + + + Show custom IPv6 firewall log + + firewall ipv6 name + + + journalctl --no-hostname --boot -k | grep ipv6-NAM-$6 + + + + Show log for a rule in the specified firewall + + firewall ipv6 name ${COMP_WORDS[5]} rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv6-NAM-$6-$8-[ADRJC]\]" + + + + + + Show firewall IPv6 output log + + journalctl --no-hostname --boot -k | grep ipv6-OUT + + + + Show firewall IPv6 output filter log + + journalctl --no-hostname --boot -k | grep ipv6-OUT-filter + + + + Show log for a rule in the specified firewall + + firewall ipv6 output filter rule + + + journalctl --no-hostname --boot -k | egrep "\[ipv6-OUT-filter-$8-[ADRJC]\]" + + + + + + + -- cgit v1.2.3