From 38511df4b376f8ec5eee9af55df92f96cab0a0cf Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Wed, 18 Sep 2024 14:07:24 +0000
Subject: T6723: firewall: extend op-mode commands <show firewall ..> and a
 <show log firewall ..> in order to match all chains/priorities

---
 op-mode-definitions/firewall.xml.in | 220 ++++++++++++++++++++++++++++++++++++
 op-mode-definitions/show-log.xml.in | 125 ++++++++++++++++++++
 2 files changed, 345 insertions(+)
 mode change 100644 => 100755 op-mode-definitions/firewall.xml.in
 mode change 100644 => 100755 op-mode-definitions/show-log.xml.in

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/firewall.xml.in b/op-mode-definitions/firewall.xml.in
old mode 100644
new mode 100755
index b6ce5bae2..82e6c8668
--- a/op-mode-definitions/firewall.xml.in
+++ b/op-mode-definitions/firewall.xml.in
@@ -98,6 +98,138 @@
                   </node>
                 </children>
               </node>
+              <node name="input">
+                <properties>
+                  <help>Show bridge input firewall ruleset</help>
+                </properties>
+                <children>
+                  <node name="filter">
+                    <properties>
+                      <help>Show bridge input filter firewall ruleset</help>
+                    </properties>
+                    <children>
+                      <leafNode name="detail">
+                        <properties>
+                          <help>Show list view of bridge input filter firewall rules</help>
+                          <completionHelp>
+                            <path>firewall bridge input filter detail</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+                      </leafNode>
+                      <tagNode name="rule">
+                        <properties>
+                          <help>Show summary of bridge input filter firewall rules</help>
+                          <completionHelp>
+                            <path>firewall bridge input filter rule</path>
+                          </completionHelp>
+                        </properties>
+                        <children>
+                          <leafNode name="detail">
+                            <properties>
+                              <help>Show list view of specific bridge input filter firewall rule</help>
+                              <completionHelp>
+                                <path>firewall bridge input filter detail</path>
+                              </completionHelp>
+                            </properties>
+                            <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+                          </leafNode>
+                        </children>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+                      </tagNode>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+                  </node>
+                </children>
+              </node>
+              <node name="output">
+                <properties>
+                  <help>Show bridge output firewall ruleset</help>
+                </properties>
+                <children>
+                  <node name="filter">
+                    <properties>
+                      <help>Show bridge output filter firewall ruleset</help>
+                    </properties>
+                    <children>
+                      <leafNode name="detail">
+                        <properties>
+                          <help>Show list view of bridge output filter firewall rules</help>
+                          <completionHelp>
+                            <path>firewall bridge output filter detail</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+                      </leafNode>
+                      <tagNode name="rule">
+                        <properties>
+                          <help>Show summary of bridge output filter firewall rules</help>
+                          <completionHelp>
+                            <path>firewall bridge output filter rule</path>
+                          </completionHelp>
+                        </properties>
+                        <children>
+                          <leafNode name="detail">
+                            <properties>
+                              <help>Show list view of specific bridge output filter firewall rule</help>
+                              <completionHelp>
+                                <path>firewall bridge output filter detail</path>
+                              </completionHelp>
+                            </properties>
+                            <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+                          </leafNode>
+                        </children>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+                      </tagNode>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+                  </node>
+                </children>
+              </node>
+              <node name="prerouting">
+                <properties>
+                  <help>Show bridge prerouting firewall ruleset</help>
+                </properties>
+                <children>
+                  <node name="filter">
+                    <properties>
+                      <help>Show bridge prerouting filter firewall ruleset</help>
+                    </properties>
+                    <children>
+                      <leafNode name="detail">
+                        <properties>
+                          <help>Show list view of bridge prerouting filter firewall rules</help>
+                          <completionHelp>
+                            <path>firewall bridge prerouting filter detail</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+                      </leafNode>
+                      <tagNode name="rule">
+                        <properties>
+                          <help>Show summary of bridge prerouting filter firewall rules</help>
+                          <completionHelp>
+                            <path>firewall bridge prerouting filter rule</path>
+                          </completionHelp>
+                        </properties>
+                        <children>
+                          <leafNode name="detail">
+                            <properties>
+                              <help>Show list view of specific bridge prerouting filter firewall rule</help>
+                              <completionHelp>
+                                <path>firewall bridge prerouting filter detail</path>
+                              </completionHelp>
+                            </properties>
+                            <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+                          </leafNode>
+                        </children>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+                      </tagNode>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+                  </node>
+                </children>
+              </node>
               <tagNode name="name">
                 <properties>
                   <help>Show bridge custom firewall chains</help>
@@ -278,6 +410,50 @@
                   </node>
                 </children>
               </node>
+              <node name="prerouting">
+                <properties>
+                  <help>Show IPv6 prerouting firewall ruleset</help>
+                </properties>
+                <children>
+                  <node name="raw">
+                    <properties>
+                      <help>Show IPv6 prerouting raw firewall ruleset</help>
+                    </properties>
+                    <children>
+                      <leafNode name="detail">
+                        <properties>
+                          <help>Show list view of IPv6 prerouting raw firewall ruleset</help>
+                          <completionHelp>
+                            <path>firewall ipv6 prerouting raw detail</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+                      </leafNode>
+                      <tagNode name="rule">
+                        <properties>
+                          <help>Show summary of IPv6 prerouting raw firewall rules</help>
+                          <completionHelp>
+                            <path>firewall ipv6 prerouting raw rule</path>
+                          </completionHelp>
+                        </properties>
+                        <children>
+                          <leafNode name="detail">
+                            <properties>
+                              <help>Show list view of IPv6 prerouting raw firewall rules</help>
+                              <completionHelp>
+                                <path>firewall ipv6 prerouting raw rule detail</path>
+                              </completionHelp>
+                            </properties>
+                            <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+                          </leafNode>
+                        </children>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+                      </tagNode>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+                  </node>
+                </children>
+              </node>
               <tagNode name="name">
                 <properties>
                   <help>Show IPv6 custom firewall chains</help>
@@ -458,6 +634,50 @@
                   </node>
                 </children>
               </node>
+              <node name="prerouting">
+                <properties>
+                  <help>Show IPv4 prerouting firewall ruleset</help>
+                </properties>
+                <children>
+                  <node name="raw">
+                    <properties>
+                      <help>Show IPv4 prerouting raw firewall ruleset</help>
+                    </properties>
+                    <children>
+                      <leafNode name="detail">
+                        <properties>
+                          <help>Show list view of IPv4 prerouting raw firewall ruleset</help>
+                          <completionHelp>
+                            <path>firewall ipv4 prerouting raw detail</path>
+                          </completionHelp>
+                        </properties>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --detail $6</command>
+                      </leafNode>
+                      <tagNode name="rule">
+                        <properties>
+                          <help>Show summary of IPv4 prerouting raw firewall rules</help>
+                          <completionHelp>
+                            <path>firewall ipv4 prerouting raw rule</path>
+                          </completionHelp>
+                        </properties>
+                        <children>
+                          <leafNode name="detail">
+                            <properties>
+                              <help>Show list view of IPv4 prerouting raw firewall rules</help>
+                              <completionHelp>
+                                <path>firewall ipv4 prerouting raw rule detail</path>
+                              </completionHelp>
+                            </properties>
+                            <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7 --detail $8</command>
+                          </leafNode>
+                        </children>
+                        <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5 --rule $7</command>
+                      </tagNode>
+                    </children>
+                    <command>sudo ${vyos_op_scripts_dir}/firewall.py --action show --family $3 --hook $4 --priority $5</command>
+                  </node>
+                </children>
+              </node>
               <tagNode name="name">
                 <properties>
                   <help>Show IPv4 custom firewall chains</help>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
old mode 100644
new mode 100755
index f0fad63d2..c2504686d
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
@@ -172,6 +172,81 @@
                       </node>
                     </children>
                   </node>
+                  <node name="input">
+                    <properties>
+                      <help>Show Bridge input firewall log</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | grep bri-INP</command>
+                    <children>
+                      <node name="filter">
+                        <properties>
+                          <help>Show Bridge firewall input filter</help>
+                        </properties>
+                        <command>journalctl --no-hostname --boot -k | grep bri-INP-filter</command>
+                        <children>
+                          <tagNode name="rule">
+                            <properties>
+                              <help>Show log for a rule in the specified firewall</help>
+                              <completionHelp>
+                                <path>firewall bridge input filter rule</path>
+                              </completionHelp>
+                            </properties>
+                            <command>journalctl --no-hostname --boot -k | egrep "\[bri-INP-filter-$8-[ADRJC]\]"</command>
+                          </tagNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
+                  <node name="output">
+                    <properties>
+                      <help>Show Bridge output firewall log</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | grep bri-OUT</command>
+                    <children>
+                      <node name="filter">
+                        <properties>
+                          <help>Show Bridge firewall output filter</help>
+                        </properties>
+                        <command>journalctl --no-hostname --boot -k | grep bri-OUT-filter</command>
+                        <children>
+                          <tagNode name="rule">
+                            <properties>
+                              <help>Show log for a rule in the specified firewall</help>
+                              <completionHelp>
+                                <path>firewall bridge output filter rule</path>
+                              </completionHelp>
+                            </properties>
+                            <command>journalctl --no-hostname --boot -k | egrep "\[bri-OUT-filter-$8-[ADRJC]\]"</command>
+                          </tagNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
+                  <node name="prerouting">
+                    <properties>
+                      <help>Show Bridge prerouting firewall log</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | grep bri-PRE</command>
+                    <children>
+                      <node name="filter">
+                        <properties>
+                          <help>Show Bridge firewall prerouting filter</help>
+                        </properties>
+                        <command>journalctl --no-hostname --boot -k | grep bri-PRE-filter</command>
+                        <children>
+                          <tagNode name="rule">
+                            <properties>
+                              <help>Show log for a rule in the specified firewall</help>
+                              <completionHelp>
+                                <path>firewall bridge prerouting filter rule</path>
+                              </completionHelp>
+                            </properties>
+                            <command>journalctl --no-hostname --boot -k | egrep "\[bri-PRE-filter-$8-[ADRJC]\]"</command>
+                          </tagNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
                   <tagNode name="name">
                     <properties>
                       <help>Show custom Bridge firewall log</help>
@@ -295,6 +370,31 @@
                       </node>
                     </children>
                   </node>
+                  <node name="prerouting">
+                    <properties>
+                      <help>Show firewall IPv4 prerouting log</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | grep ipv4-PRE</command>
+                    <children>
+                      <node name="raw">
+                        <properties>
+                          <help>Show firewall IPv4 prerouting raw log</help>
+                        </properties>
+                        <command>journalctl --no-hostname --boot -k | grep ipv4-PRE-raw</command>
+                        <children>
+                          <tagNode name="rule">
+                            <properties>
+                              <help>Show log for a rule in the specified firewall</help>
+                              <completionHelp>
+                                <path>firewall ipv4 prerouting raw rule</path>
+                              </completionHelp>
+                            </properties>
+                            <command>journalctl --no-hostname --boot -k | egrep "\[ipv4-PRE-raw-$8-[ADRJC]\]"</command>
+                          </tagNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
                 </children>
               </node>
               <node name="ipv6">
@@ -398,6 +498,31 @@
                       </node>
                     </children>
                   </node>
+                  <node name="prerouting">
+                    <properties>
+                      <help>Show firewall IPv6 prerouting log</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | grep ipv6-PRE</command>
+                    <children>
+                      <node name="raw">
+                        <properties>
+                          <help>Show firewall IPv6 prerouting raw log</help>
+                        </properties>
+                        <command>journalctl --no-hostname --boot -k | grep ipv6-PRE-raw</command>
+                        <children>
+                          <tagNode name="rule">
+                            <properties>
+                              <help>Show log for a rule in the specified firewall</help>
+                              <completionHelp>
+                                <path>firewall ipv6 prerouting raw rule</path>
+                              </completionHelp>
+                            </properties>
+                            <command>journalctl --no-hostname --boot -k | egrep "\[ipv6-PRE-raw-$8-[ADRJC]\]"</command>
+                          </tagNode>
+                        </children>
+                      </node>
+                    </children>
+                  </node>
                 </children>
               </node>
             </children>
-- 
cgit v1.2.3