Add support for "show firewall group".

2 files changed, 30 insertions, 0 deletions

diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index a806f20..e38e731 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -102,6 +102,20 @@ sub get_type {
     return $self->{_type};
 }
 
+sub get_members {
+    my ($self) = @_;
+    
+    my @members = ();
+    if (! defined $self->{_type}) {
+	return @members if ! $self->exists();
+    }
+    my @lines = `ipset -L $self->{_name} -n`;
+    foreach my $line (@lines) {
+	push @members, $line if $line =~ /^\d/;
+    }
+    return @members;
+}
+
 sub create {
     my ($self) = @_;
         
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 3ccd4c3..d1baabb 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -93,6 +93,20 @@ sub ipset_check_set_type {
    return;
 }
 
+sub ipset_show_members {
+    my ($set_name) = @_;
+
+    die "Error: undefined set_name\n" if ! defined $set_name; 
+    my $group = new Vyatta::IpTables::IpSet($set_name);    
+    return "Group [$set_name] has not been defined\n" if ! $group->exists();
+    my $type = $group->get_type();
+    my @members = $group->get_members();
+    print "Name   : $set_name\n";
+    print "Type   : $type\n";
+    print "Members:\n";
+    print @members;
+    return;
+}
 
 #
 # main
@@ -121,6 +135,8 @@ $rc = ipset_delete_member($set_name, $member) if $action eq 'delete-member';
 
 $rc = ipset_check_set_type($set_name, $set_type) if $action eq 'check-set-type';
 
+$rc = ipset_show_members($set_name) if $action eq 'show-set-members';
+
 if (defined $rc) {
     print $rc;
     exit 1;