authorRobert Bays <robert@vyatta.com>2012-09-05 10:57:02 -0700
committerRobert Bays <robert@vyatta.com>2012-09-05 10:57:02 -0700
commita9d4ab9d4806e0b8a0d151442bcffd4f63f65dda (patch)
tree33f6f85bd8575b5ffb4548a1b1e1a72772f344f8
parente5ba41191e5be53ca366f3a880ed19269f23ea3f (diff)
downloadvyatta-op-firewall-a9d4ab9d4806e0b8a0d151442bcffd4f63f65dda.tar.gz
vyatta-op-firewall-a9d4ab9d4806e0b8a0d151442bcffd4f63f65dda.zip
add show command support for policy rules
-rwxr-xr-xscripts/firewall/vyatta-show-firewall.pl92
-rw-r--r--templates/clear/firewall/ipv6-modify/node.def1
-rw-r--r--templates/clear/firewall/ipv6-modify/node.tag/node.def4
-rw-r--r--templates/clear/firewall/ipv6-modify/node.tag/rule/node.def1
-rw-r--r--templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/node.def5
-rw-r--r--templates/clear/firewall/modify/node.def1
-rw-r--r--templates/clear/firewall/modify/node.tag/rule/node.def1
-rwxr-xr-xtemplates/clear/policy/ipv6-route/node.def1
-rwxr-xr-x[-rw-r--r--]templates/clear/policy/ipv6-route/node.tag/counters/node.def (renamed from templates/clear/firewall/ipv6-modify/node.tag/counters/node.def)2
-rwxr-xr-x[-rw-r--r--]templates/clear/policy/ipv6-route/node.tag/node.def (renamed from templates/clear/firewall/modify/node.tag/node.def)2
-rwxr-xr-xtemplates/clear/policy/ipv6-route/node.tag/rule/node.def1
-rw-r--r--templates/clear/policy/ipv6-route/node.tag/rule/node.tag/counters/node.def (renamed from templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/counters/node.def)0
-rwxr-xr-x[-rw-r--r--]templates/clear/policy/ipv6-route/node.tag/rule/node.tag/node.def (renamed from templates/clear/firewall/modify/node.tag/rule/node.tag/node.def)4
-rw-r--r--templates/clear/policy/node.def1
-rwxr-xr-xtemplates/clear/policy/route/node.def1
-rw-r--r--templates/clear/policy/route/node.tag/counters/node.def (renamed from templates/clear/firewall/modify/node.tag/counters/node.def)0
-rwxr-xr-xtemplates/clear/policy/route/node.tag/node.def4
-rwxr-xr-xtemplates/clear/policy/route/node.tag/rule/node.def1
-rw-r--r--templates/clear/policy/route/node.tag/rule/node.tag/counters/node.def (renamed from templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def)0
-rwxr-xr-xtemplates/clear/policy/route/node.tag/rule/node.tag/node.def5
-rwxr-xr-x[-rw-r--r--]templates/show/firewall/node.def2
-rw-r--r--templates/show/policy/ipv6-route/node.def (renamed from templates/show/firewall/ipv6-modify/node.def)0
-rw-r--r--templates/show/policy/ipv6-route/node.tag/node.def (renamed from templates/show/firewall/ipv6-modify/node.tag/node.def)0
-rw-r--r--templates/show/policy/ipv6-route/node.tag/rule/node.def (renamed from templates/show/firewall/ipv6-modify/node.tag/rule/node.def)0
-rw-r--r--templates/show/policy/ipv6-route/node.tag/rule/node.tag/node.def (renamed from templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def)0
-rw-r--r--templates/show/policy/ipv6-route/node.tag/statistics/node.def (renamed from templates/show/firewall/ipv6-modify/node.tag/statistics/node.def)0
-rw-r--r--templates/show/policy/ipv6-route/statistics/node.def (renamed from templates/show/firewall/ipv6-modify/statistics/node.def)0
-rwxr-xr-xtemplates/show/policy/node.def2
-rw-r--r--templates/show/policy/route/node.def (renamed from templates/show/firewall/modify/node.def)0
-rw-r--r--templates/show/policy/route/node.tag/node.def (renamed from templates/show/firewall/modify/node.tag/node.def)0
-rw-r--r--templates/show/policy/route/node.tag/rule/node.def (renamed from templates/show/firewall/modify/node.tag/rule/node.def)0
-rw-r--r--templates/show/policy/route/node.tag/rule/node.tag/node.def (renamed from templates/show/firewall/modify/node.tag/rule/node.tag/node.def)0
-rw-r--r--templates/show/policy/route/node.tag/statistics/node.def (renamed from templates/show/firewall/modify/node.tag/statistics/node.def)0
-rw-r--r--templates/show/policy/route/statistics/node.def (renamed from templates/show/firewall/modify/statistics/node.def)0
34 files changed, 81 insertions, 50 deletions
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index aadeb54..5b2c1d6 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -49,6 +49,12 @@ sub numerically { $a <=> $b; }
my $format1 = "%-5s %-8s %-9s %-8s %-40s";
my $format2 = " %-78s";
+# mapping from config node to root config node.
+my %root_hash = ( 'name' => 'firewall',
+ 'ipv6-name' => 'firewall',
+ 'route' => 'policy',
+ 'ipv6-route' => 'policy');
+
sub show_interfaces_zones {
my ($chain, $tree) = @_;
@@ -56,8 +62,14 @@ sub show_interfaces_zones {
my @int_strs = ();
for (Vyatta::Interface::get_effective_interfaces()) {
my ($iname, $ipath) = ($_->{name}, $_->{path});
- for my $dir ($cfg->listOrigNodes("$ipath firewall")) {
- my $ichain = $cfg->returnOrigValue("$ipath firewall $dir $tree");
+ for my $dir ($cfg->listOrigNodes("$ipath $root_hash{$tree}")) {
+ my $path;
+ if ($tree eq 'route' || $tree eq 'ipv6-route') {
+ $path = "$ipath $root_hash{$tree} $dir";
+ } else {
+ $path = "$ipath $root_hash{$tree} $dir $tree";
+ }
+ my $ichain = $cfg->returnOrigValue("$path");
if (defined($ichain) and $ichain eq $chain) {
$dir =~ y/a-z/A-Z/;
push @int_strs, "($iname,$dir)";
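Review bot: For the policy trees the new path `"$ipath $root_hash{$tree} $dir"` drops `$tree`, so every child of `<interface> policy` is read and compared against `$chain`. If those children are the tree names themselves (`route`, `ipv6-route`), which this hunk does not show, an IPv4 policy named the same as an IPv6 one would be reported on interfaces where only the other family is applied, and the label printed from `$dir` would be the tree name rather than a direction. Reading the one relevant node, e.g. `my $ichain = $cfg->returnOrigValue("$ipath $root_hash{$tree} $tree");` in the policy branch, would avoid the cross-match. At minimum, add a comment stating why the two roots use different path shapes. The function body continues outside the hunk.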
@@ -124,27 +136,27 @@ my %target_hash = ('RETURN' => 'accept',
# mapping from config node to iptables/ip6tables table
my %table_hash = ( 'name' => 'filter',
'ipv6-name' => 'filter',
- 'modify' => 'mangle',
- 'ipv6-modify' => 'mangle' );
+ 'route' => 'mangle',
+ 'ipv6-route' => 'mangle' );
# mapping from config node to iptables command.
my %cmd_hash = ( 'name' => 'iptables',
'ipv6-name' => 'ip6tables',
- 'modify' => 'iptables',
- 'ipv6-modify' => 'ip6tables');
-
+ 'route' => 'iptables',
+ 'ipv6-route' => 'ip6tables');
+
# mapping from config node to printable string describing it.
-my %description_hash = ( 'name' => 'IPv4',
- 'ipv6-name' => 'IPv6',
- 'modify' => 'IPv4 Modify',
- 'ipv6-modify' => 'IPv6 Modify');
+my %description_hash = ( 'name' => 'IPv4 Firewall',
+ 'ipv6-name' => 'IPv6 Firewall',
+ 'route' => 'IPv4 Policy Route',
+ 'ipv6-route' => 'IPv6 Policy Route');
# mapping from config node to IP version string.
my %ip_version_hash = ( 'name' => 'ipv4',
'ipv6-name' => 'ipv6',
- 'modify' => 'ipv4',
- 'ipv6-modify' => 'ipv6');
+ 'route' => 'ipv4',
+ 'ipv6-route' => 'ipv6');
sub show_chain($$$) {
my ($chain, $fh, $tree) = @_;
@@ -166,11 +178,11 @@ sub show_chain($$$) {
print $fh "<opcommand name='firewallrules'><format type='row'>\n";
my $config = new Vyatta::Config;
- $config->setLevel("firewall $tree $chain rule");
+ $config->setLevel("$root_hash{$tree} $tree $chain rule");
my @rules = sort numerically $config->listOrigNodes();
foreach (@rules) {
my $rule = new Vyatta::IpTables::Rule;
- $rule->setupOrig("firewall $tree $chain rule $_");
+ $rule->setupOrig("$root_hash{$tree} $tree $chain rule $_");
$rule->set_ip_version($ip_version_hash{$tree});
if (defined($rule_num) && $rule_num != $_) {
@@ -219,7 +231,7 @@ sub show_chain($$$) {
print $fh " <pkts>$pkts</pkts>\n";
print $fh " <bytes>$bytes</bytes>\n";
my $rule = new Vyatta::IpTables::Rule;
- $rule->setupDummy("firewall $tree $chain");
+ $rule->setupDummy("$root_hash{$tree} $tree $chain");
$rule->set_ip_version($ip_version_hash{$tree});
$rule->outputXml($fh);
print $fh " </row>\n";
@@ -234,7 +246,7 @@ sub show_chain_detail {
my $iptables_cmd = $cmd_hash{$tree};
my $config = new Vyatta::Config;
- $config->setLevel("firewall $tree $chain rule");
+ $config->setLevel("$root_hash{$tree} $tree $chain rule");
my @rules = sort numerically $config->listOrigNodes();
print "\n";
printf($format1, 'rule', 'action', 'proto', 'packets', 'bytes');
@@ -242,7 +254,7 @@ sub show_chain_detail {
printf($format1, '----', '------', '-----', '-------', '-----');
foreach (@rules) {
my $rule = new Vyatta::IpTables::Rule;
- $rule->setupOrig("firewall $tree $chain rule $_");
+ $rule->setupOrig("$root_hash{$tree} $tree $chain rule $_");
if (defined($rule_num) && $rule_num != $_) {
next;
}
@@ -266,10 +278,10 @@ sub print_detail_rule {
# currenly LOG, RECENT, protocol tcp_udp in a CLI rule result in more than 1 iptable rule
my $cli_rule = new Vyatta::IpTables::Rule;
if ($rule eq $max_rule) {
- $cli_rule->setupDummy("firewall $tree $chain");
+ $cli_rule->setupDummy("$root_hash{$tree} $tree $chain");
$cli_rule->set_ip_version($ip_version_hash{$tree});
} else {
- $cli_rule->setupOrig("firewall $tree $chain rule $rule");
+ $cli_rule->setupOrig("$root_hash{$tree} $tree $chain rule $rule");
}
if (defined $cli_rule->{_log} && "$cli_rule->{_log}" eq "enable") {
@@ -339,8 +351,12 @@ sub print_detail_rule {
$string_words_part1[0] += $udp_string_words[0];
$string_words_part1[1] += $udp_string_words[1];
}
-
- $string_words_part1[2]=$cli_rule->{_action} if defined $cli_rule->{_action};
+
+ if (defined $cli_rule->{_action}) {
+ $string_words_part1[2]=$cli_rule->{_action};
+ } else {
+ $string_words_part1[2]='set';
+ }
if ($iptables_cmd =~ /6/) {
@string_words_part2=splice(@string_words, 2, 2);# source, destination
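Review bot: The new `else` branch writes `'set'` into the action column whenever `$cli_rule->{_action}` is undefined, for every tree and not only the policy ones. Before this change the column kept whatever value it already held, so a firewall (`name`/`ipv6-name`) row without an explicit action may now be displayed as `set`, which would misstate what the rule does to an operator reading the output. Whether such rows exist depends on code outside the hunk. If they can, restrict the default to the policy root, e.g. `$string_words_part1[2] = 'set' if $root_hash{$tree} eq 'policy';`.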
@@ -391,6 +407,7 @@ sub print_detail_rule {
print "\n";
printf($format1, "$rule", "$string_words_part1[2]", "$string_words_part1[3]",
"$string_words_part1[0]", "$string_words_part1[1]");
+
print "\n";
# print condition
if ($string_for_part3 =~ /\w/) {
@@ -429,13 +446,13 @@ sub show_tree {
my ($tree, $config, ) = @_;
my $description = $description_hash{$tree};
- $config->setLevel("firewall $tree");
+ $config->setLevel("$root_hash{$tree} $tree");
my @chains = $config->listOrigNodes();
my $chain_cnt=0;
print "-" x 80 . "\n" if (scalar(@chains) > 0);
foreach (sort @chains) {
$chain_cnt++;
- print "$description Firewall \"$_\":";
+ print "$description \"$_\":";
show_interfaces_zones($_, $tree);
if (!($xsl_file =~ /detail/)) {
open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
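Review bot: The piped `open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file")` in `show_tree` passes `$xsl_file` through a shell, and the same form appears at the end of the last hunk of this file. The templates in this commit pass a fixed path as the second argument, so the exposure is limited, but the script takes that value from its arguments and nothing visible here validates it. The list form avoids the shell entirely: `open(RENDER, '|-', '/opt/vyatta/sbin/render_xml', $xsl_file) or exit 1;`. `show_tree` continues past the end of this hunk.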
@@ -456,7 +473,7 @@ sub print_global_fw_header {
sub print_fw_ruleset_header {
print "\n" . "-" x 29 . "\n";
- print "Firewall Rulesets Information\n";
+ print "Rulesets Information\n";
print "-" x 29 . "\n";
}
@@ -514,8 +531,9 @@ my $tree_name = $tree_chain_name[0];
my $chain_name = $tree_chain_name[1];
# check if tree name is either 'all' or one of four keys in %table_hash
-if (!($tree_name eq "all" || (scalar(grep(/^$tree_name$/, (keys %table_hash))) > 0))) {
- print "Invalid firewall type name [$tree_name]\n";
+if (!($tree_name eq "all" || (scalar(grep(/^$tree_name$/, (keys %table_hash))) > 0)
+ || $tree_name eq "firewall" || $tree_name eq "policy")) {
+ print "Invalid $root_hash{$tree} type name [$tree_name]\n";
exit 1;
}
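Review bot: The rewritten error message interpolates `$root_hash{$tree}`, but `$tree` does not appear to be assigned yet at this point, and the name being rejected has no entry in `%root_hash` anyway. The message will print as `Invalid  type name [...]` with an uninitialized-value warning; `print "Invalid type name [$tree_name]\n";` is enough. Separately, the check interpolates the command-line value into a pattern (`grep(/^$tree_name$/, ...)`), so a value containing regex metacharacters can pass validation without being a real key. The later `$root_hash{$tree}` and `$table_hash{$tree}` lookups in `show_chain`, `show_tree` and the final hunk would then yield undef and build malformed config paths. A literal lookup closes that: `exists $table_hash{$tree_name}`. The `grep(/^$chain_name$/, @chains)` and `grep(/^$rule_num$/, @rules)` checks in the last hunk of this file have the same shape and would be safer as `grep { $_ eq $chain_name } @chains`.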
@@ -526,6 +544,16 @@ if ($tree_name eq "all") {
foreach $tree (reverse(sort(keys %table_hash))) {
show_tree($tree, $config);
}
+} elsif ($tree_name eq "firewall") {
+ show_state_policy();
+ print_fw_ruleset_header();
+ show_tree('name', $config);
+ show_tree('ipv6-name', $config);
+} elsif ($tree_name eq "policy") {
+ show_state_policy();
+ print_fw_ruleset_header();
+ show_tree('route', $config);
+ show_tree('ipv6-route', $config);
} elsif ($chain_name eq "all") {
show_state_policy();
print_fw_ruleset_header();
@@ -535,27 +563,27 @@ if ($tree_name eq "all") {
} else {
# Print given rule set in specified tree
$tree = $tree_name;
- $config->setLevel("firewall $tree");
+ $config->setLevel("$root_hash{$tree} $tree");
@chains = $config->listOrigNodes();
# validate chain-name
if (!(scalar(grep(/^$chain_name$/, @chains)) > 0)) {
- print "Invalid firewall instance [$chain_name] \n";
+ print "Invalid $root_hash{$tree} instance [$chain_name] \n";
exit 1;
}
if (defined $rule_num) {
#validate rule-num for given chain
- $config->setLevel("firewall $tree $chain_name rule");
+ $config->setLevel("$root_hash{$tree} $tree $chain_name rule");
my @rules = $config->listOrigNodes();
if (!((scalar(grep(/^$rule_num$/, @rules)) > 0) ||
($rule_num == $max_rule))) {
- print "Invalid rule $rule_num under firewall instance [$chain_name] \n";
+ print "Invalid rule $rule_num under $root_hash{$tree} instance [$chain_name] \n";
exit 1;
}
}
show_state_policy();
print_fw_ruleset_header();
my $description = $description_hash{$tree};
- print "\n$description Firewall \"$chain_name\":";
+ print "\n$description \"$chain_name\":";
show_interfaces_zones($chain_name, $tree);
if (!($xsl_file =~ /detail/)) {
open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
diff --git a/templates/clear/firewall/ipv6-modify/node.def b/templates/clear/firewall/ipv6-modify/node.def
deleted file mode 100644
index 208c4f1..0000000
--- a/templates/clear/firewall/ipv6-modify/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Clear firewall statistics for chain
diff --git a/templates/clear/firewall/ipv6-modify/node.tag/node.def b/templates/clear/firewall/ipv6-modify/node.tag/node.def
deleted file mode 100644
index 693c0ae..0000000
--- a/templates/clear/firewall/ipv6-modify/node.tag/node.def
+++ /dev/null
@@ -1,4 +0,0 @@
-help: Clear firewall rules for a given chain
-allowed: local -a vals
- eval "vals=($(cli-shell-api listActiveNodes firewall ipv6-modify))"
- echo -n ${vals[@]}
diff --git a/templates/clear/firewall/ipv6-modify/node.tag/rule/node.def b/templates/clear/firewall/ipv6-modify/node.tag/rule/node.def
deleted file mode 100644
index ff490a2..0000000
--- a/templates/clear/firewall/ipv6-modify/node.tag/rule/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Clear firewall statistics for a rule
diff --git a/templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/node.def b/templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/node.def
deleted file mode 100644
index f777438..0000000
--- a/templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Clear firewall statistics for given rule
-allowed: local -a vals
- eval "vals=($(cli-shell-api listActiveNodes \
- firewall ipv6-modify ${COMP_WORDS[COMP_CWORD-2]} rule))"
- echo -n ${vals[@]}
diff --git a/templates/clear/firewall/modify/node.def b/templates/clear/firewall/modify/node.def
deleted file mode 100644
index 208c4f1..0000000
--- a/templates/clear/firewall/modify/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Clear firewall statistics for chain
diff --git a/templates/clear/firewall/modify/node.tag/rule/node.def b/templates/clear/firewall/modify/node.tag/rule/node.def
deleted file mode 100644
index ff490a2..0000000
--- a/templates/clear/firewall/modify/node.tag/rule/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Clear firewall statistics for a rule
diff --git a/templates/clear/policy/ipv6-route/node.def b/templates/clear/policy/ipv6-route/node.def
new file mode 100755
index 0000000..ef1851f
--- /dev/null
+++ b/templates/clear/policy/ipv6-route/node.def
@@ -0,0 +1 @@
+help: Clear policy statistics for chain
diff --git a/templates/clear/firewall/ipv6-modify/node.tag/counters/node.def b/templates/clear/policy/ipv6-route/node.tag/counters/node.def
index 1720f91..8d4810e 100644..100755
--- a/templates/clear/firewall/ipv6-modify/node.tag/counters/node.def
+++ b/templates/clear/policy/ipv6-route/node.tag/counters/node.def
@@ -1,2 +1,2 @@
-help: Clear firewall counters
+help: Clear policy counters
run: /opt/vyatta/bin/vyatta-clear-firewall "/sbin/ip6tables" "mangle" "$4"
diff --git a/templates/clear/firewall/modify/node.tag/node.def b/templates/clear/policy/ipv6-route/node.tag/node.def
index 748872d..b01a78f 100644..100755
--- a/templates/clear/firewall/modify/node.tag/node.def
+++ b/templates/clear/policy/ipv6-route/node.tag/node.def
@@ -1,4 +1,4 @@
help: Clear firewall rules for a given chain
allowed: local -a vals
- eval "vals=($(cli-shell-api listActiveNodes firewall modify))"
+ eval "vals=($(cli-shell-api listActiveNodes policy ipv6-route))"
echo -n ${vals[@]}
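Review bot: The `help:` line of this renamed template still reads `Clear firewall rules for a given chain`, although the node now lives under `clear policy ipv6-route`. The newly added `templates/clear/policy/route/node.tag/node.def` uses `help: Clear policy rules for a given chain`; using the same text here keeps the CLI help consistent between the IPv4 and IPv6 policy commands.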
diff --git a/templates/clear/policy/ipv6-route/node.tag/rule/node.def b/templates/clear/policy/ipv6-route/node.tag/rule/node.def
new file mode 100755
index 0000000..1ec9d53
--- /dev/null
+++ b/templates/clear/policy/ipv6-route/node.tag/rule/node.def
@@ -0,0 +1 @@
+help: Clear policy statistics for a rule
diff --git a/templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/counters/node.def b/templates/clear/policy/ipv6-route/node.tag/rule/node.tag/counters/node.def
index ad6c104..ad6c104 100644
--- a/templates/clear/firewall/ipv6-modify/node.tag/rule/node.tag/counters/node.def
+++ b/templates/clear/policy/ipv6-route/node.tag/rule/node.tag/counters/node.def
diff --git a/templates/clear/firewall/modify/node.tag/rule/node.tag/node.def b/templates/clear/policy/ipv6-route/node.tag/rule/node.tag/node.def
index 6682b94..b059b02 100644..100755
--- a/templates/clear/firewall/modify/node.tag/rule/node.tag/node.def
+++ b/templates/clear/policy/ipv6-route/node.tag/rule/node.tag/node.def
@@ -1,5 +1,5 @@
-help: Clear firewall statistics for given rule
+help: Clear policy statistics for given rule
allowed: local -a vals
eval "vals=($(cli-shell-api listActiveNodes \
- firewall modify ${COMP_WORDS[COMP_CWORD-2]} rule))"
+ policy ipv6-route ${COMP_WORDS[COMP_CWORD-2]} rule))"
echo -n ${vals[@]}
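Review bot: The completion word `${COMP_WORDS[COMP_CWORD-2]}` is expanded unquoted inside the command substitution, so a chain name typed with whitespace or glob characters is split or expanded before it reaches `cli-shell-api`. The result is then fed to `eval`. Quoting it keeps it a single argument: `policy ipv6-route "${COMP_WORDS[COMP_CWORD-2]}" rule))"`. The `eval` itself is only safe if `cli-shell-api` emits shell-quoted output, which cannot be confirmed from this diff. The new `templates/clear/policy/route/node.tag/rule/node.tag/node.def` added later in this commit has the same line and would take the same change.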
diff --git a/templates/clear/policy/node.def b/templates/clear/policy/node.def
new file mode 100644
index 0000000..ac88481
--- /dev/null
+++ b/templates/clear/policy/node.def
@@ -0,0 +1 @@
+help: Clear policy statistics
diff --git a/templates/clear/policy/route/node.def b/templates/clear/policy/route/node.def
new file mode 100755
index 0000000..ef1851f
--- /dev/null
+++ b/templates/clear/policy/route/node.def
@@ -0,0 +1 @@
+help: Clear policy statistics for chain
diff --git a/templates/clear/firewall/modify/node.tag/counters/node.def b/templates/clear/policy/route/node.tag/counters/node.def
index e47bcdc..e47bcdc 100644
--- a/templates/clear/firewall/modify/node.tag/counters/node.def
+++ b/templates/clear/policy/route/node.tag/counters/node.def
diff --git a/templates/clear/policy/route/node.tag/node.def b/templates/clear/policy/route/node.tag/node.def
new file mode 100755
index 0000000..e54b196
--- /dev/null
+++ b/templates/clear/policy/route/node.tag/node.def
@@ -0,0 +1,4 @@
+help: Clear policy rules for a given chain
+allowed: local -a vals
+ eval "vals=($(cli-shell-api listActiveNodes policy route))"
+ echo -n ${vals[@]}
diff --git a/templates/clear/policy/route/node.tag/rule/node.def b/templates/clear/policy/route/node.tag/rule/node.def
new file mode 100755
index 0000000..1ec9d53
--- /dev/null
+++ b/templates/clear/policy/route/node.tag/rule/node.def
@@ -0,0 +1 @@
+help: Clear policy statistics for a rule
diff --git a/templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def b/templates/clear/policy/route/node.tag/rule/node.tag/counters/node.def
index d3cbae8..d3cbae8 100644
--- a/templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def
+++ b/templates/clear/policy/route/node.tag/rule/node.tag/counters/node.def
diff --git a/templates/clear/policy/route/node.tag/rule/node.tag/node.def b/templates/clear/policy/route/node.tag/rule/node.tag/node.def
new file mode 100755
index 0000000..ff425cf
--- /dev/null
+++ b/templates/clear/policy/route/node.tag/rule/node.tag/node.def
@@ -0,0 +1,5 @@
+help: Clear policy statistics for given rule
+allowed: local -a vals
+ eval "vals=($(cli-shell-api listActiveNodes \
+ policy route ${COMP_WORDS[COMP_CWORD-2]} rule))"
+ echo -n ${vals[@]}
diff --git a/templates/show/firewall/node.def b/templates/show/firewall/node.def
index e09a6c2..6a4df96 100644..100755
--- a/templates/show/firewall/node.def
+++ b/templates/show/firewall/node.def
@@ -1,2 +1,2 @@
help: Show firewall information
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "all_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "firewall_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-modify/node.def b/templates/show/policy/ipv6-route/node.def
index 4aee1ea..4aee1ea 100644
--- a/templates/show/firewall/ipv6-modify/node.def
+++ b/templates/show/policy/ipv6-route/node.def
diff --git a/templates/show/firewall/ipv6-modify/node.tag/node.def b/templates/show/policy/ipv6-route/node.tag/node.def
index 60f872b..60f872b 100644
--- a/templates/show/firewall/ipv6-modify/node.tag/node.def
+++ b/templates/show/policy/ipv6-route/node.tag/node.def
diff --git a/templates/show/firewall/ipv6-modify/node.tag/rule/node.def b/templates/show/policy/ipv6-route/node.tag/rule/node.def
index b4face1..b4face1 100644
--- a/templates/show/firewall/ipv6-modify/node.tag/rule/node.def
+++ b/templates/show/policy/ipv6-route/node.tag/rule/node.def
diff --git a/templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def b/templates/show/policy/ipv6-route/node.tag/rule/node.tag/node.def
index fa7b4cb..fa7b4cb 100644
--- a/templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def
+++ b/templates/show/policy/ipv6-route/node.tag/rule/node.tag/node.def
diff --git a/templates/show/firewall/ipv6-modify/node.tag/statistics/node.def b/templates/show/policy/ipv6-route/node.tag/statistics/node.def
index 707efa3..707efa3 100644
--- a/templates/show/firewall/ipv6-modify/node.tag/statistics/node.def
+++ b/templates/show/policy/ipv6-route/node.tag/statistics/node.def
diff --git a/templates/show/firewall/ipv6-modify/statistics/node.def b/templates/show/policy/ipv6-route/statistics/node.def
index ae89dec..ae89dec 100644
--- a/templates/show/firewall/ipv6-modify/statistics/node.def
+++ b/templates/show/policy/ipv6-route/statistics/node.def
diff --git a/templates/show/policy/node.def b/templates/show/policy/node.def
new file mode 100755
index 0000000..c8c1c34
--- /dev/null
+++ b/templates/show/policy/node.def
@@ -0,0 +1,2 @@
+help: Show policy information
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "policy_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/modify/node.def b/templates/show/policy/route/node.def
index 8a16e04..8a16e04 100644
--- a/templates/show/firewall/modify/node.def
+++ b/templates/show/policy/route/node.def
diff --git a/templates/show/firewall/modify/node.tag/node.def b/templates/show/policy/route/node.tag/node.def
index 096bac0..096bac0 100644
--- a/templates/show/firewall/modify/node.tag/node.def
+++ b/templates/show/policy/route/node.tag/node.def
diff --git a/templates/show/firewall/modify/node.tag/rule/node.def b/templates/show/policy/route/node.tag/rule/node.def
index 44a9e1a..44a9e1a 100644
--- a/templates/show/firewall/modify/node.tag/rule/node.def
+++ b/templates/show/policy/route/node.tag/rule/node.def
diff --git a/templates/show/firewall/modify/node.tag/rule/node.tag/node.def b/templates/show/policy/route/node.tag/rule/node.tag/node.def
index e79461e..e79461e 100644
--- a/templates/show/firewall/modify/node.tag/rule/node.tag/node.def
+++ b/templates/show/policy/route/node.tag/rule/node.tag/node.def
diff --git a/templates/show/firewall/modify/node.tag/statistics/node.def b/templates/show/policy/route/node.tag/statistics/node.def
index a96479b..a96479b 100644
--- a/templates/show/firewall/modify/node.tag/statistics/node.def
+++ b/templates/show/policy/route/node.tag/statistics/node.def
diff --git a/templates/show/firewall/modify/statistics/node.def b/templates/show/policy/route/statistics/node.def
index ae89dec..ae89dec 100644
--- a/templates/show/firewall/modify/statistics/node.def
+++ b/templates/show/policy/route/statistics/node.def