-rwxr-xr-xlib/Vyatta/IpTables/IpSet.pm40
-rwxr-xr-xscripts/firewall/vyatta-ipset.pl14
2 files changed, 50 insertions, 4 deletions
diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index 1f8e25b..5689f0a 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -259,6 +259,46 @@ sub delete_member {
return; # undef
}
+sub get_description {
+ my ($self) = @_;
+
+ return if ! $self->exists();
+ my $config = new Vyatta::Config;
+ my $group_type = "$self->{_type}-group";
+ $config->setLevel("firewall group $group_type $self->{_name}");
+ return $config->returnOrigValue('description');
+}
+
+sub get_firewall_references {
+ my ($self) = @_;
+
+ return if ! $self->exists();
+ my @fw_refs = ();
+ my $config = new Vyatta::Config;
+ foreach my $tree ('name', 'modify') {
+ my $path = "firewall $tree ";
+ $config->setLevel($path);
+ my @names = $config->listOrigNodes();
+ foreach my $name (@names) {
+ my $name_path = "$path $name rule ";
+ $config->setLevel($name_path);
+ my @rules = $config->listOrigNodes();
+ foreach my $rule (@rules) {
+ foreach my $dir ('source', 'destination') {
+ my $rule_path .= "$name_path $rule $dir group";
+ $config->setLevel($rule_path);
+ my $group_type = "$self->{_type}-group";
+ my $value = $config->returnOrigValue($group_type);
+ if (defined $value and $self->{_name} eq $value) {
+ push @fw_refs, "$name-$rule-$dir";
+ }
+ } # foreach $dir
+ } # foreach $rule
+ } # foreach $name
+ } # foreach $tree
+ return @fw_refs;
+}
+
sub rule {
my ($self, $direction) = @_;
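Review bot: In `get_firewall_references`, `my $rule_path .= "$name_path $rule $dir group";` declares a new lexical and appends to it in the same statement; it works only because the variable starts out undefined, and plain assignment says what is meant: `my $rule_path = "$name_path $rule $dir group";`. The label pushed for each match, `"$name-$rule-$dir"`, leaves out `$tree`, so if a ruleset under `firewall name` and one under `firewall modify` can share a name, the output cannot tell them apart; `"$tree $name-$rule-$dir"` would. The sub scans only the `name` and `modify` trees and uses the `Orig` accessors, which presumably read the committed rather than the in-session config. A comment above the sub such as `# Scans committed 'firewall name' and 'firewall modify' rules only; an empty list does not prove the group is unused elsewhere.` would help, since an operator may read an empty result as meaning the group is safe to change or delete.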
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 81e3e47..7d6b783 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -97,13 +97,19 @@ sub ipset_show_members {
my ($set_name) = @_;
die "Error: undefined set_name\n" if ! defined $set_name;
- my $group = new Vyatta::IpTables::IpSet($set_name);
+ my $group = new Vyatta::IpTables::IpSet($set_name);
return "Group [$set_name] has not been defined\n" if ! $group->exists();
my $type = $group->get_type();
my @members = $group->get_members();
- print "Name : $set_name\n";
- print "Type : $type\n";
- print "Members:\n";
+ my $desc = $group->get_description();
+ my @fw_refs = $group->get_firewall_references();
+ push @fw_refs, 'none' if scalar(@fw_refs) == 0;
+
+ print "Name : $set_name\n";
+ print "Type : $type\n";
+ print "Description: $desc\n" if defined $desc;
+ print "References : ", join(', ', @fw_refs), "\n";
+ print "Members :\n";
print @members;
return;
}
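Review bot: `push @fw_refs, 'none' if scalar(@fw_refs) == 0;` puts a display placeholder into the same array as the real references, so any later code that reuses `@fw_refs` in this sub would see `'none'` as a reference. Keeping the placeholder in the print avoids that: `print "References : ", (@fw_refs ? join(', ', @fw_refs) : 'none'), "\n";`. `ipset_show_members` starts above this hunk, so only the lines shown here were checked.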