authorAn-Cheng Huang <ancheng@vyatta.com>2008-06-04 19:26:50 -0700
committerAn-Cheng Huang <ancheng@vyatta.com>2008-06-04 19:26:50 -0700
commit7ebab9a5320d62f8af00390961ba6f33b7982977 (patch)
treef721b20797f3dd28190159d15393e38cd4bf7944
parent5a37027f6b3e98f8f45812d5aee9136dcc3cde4e (diff)
downloadvyatta-op-firewall-7ebab9a5320d62f8af00390961ba6f33b7982977.tar.gz
vyatta-op-firewall-7ebab9a5320d62f8af00390961ba6f33b7982977.zip
fix for bug 3061: show interface information if a "chain" is active.
-rwxr-xr-xscripts/firewall/vyatta-show-firewall.pl47
1 files changed, 47 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index 78e6b68..763cdeb 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -22,6 +22,51 @@ if (defined($rule_num) && (!($rule_num =~ /^\d+$/) || ($rule_num > 1025))) {
sub numerically { $a <=> $b; }
+### all interfaces firewall nodes
+#/ethernet/node.tag/pppoe/node.tag/firewall/<dir>/name/node.def
+#/ethernet/node.tag/vif/node.tag/firewall/<dir>/name/node.def
+#/ethernet/node.tag/firewall/<dir>/name/node.def
+#/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/<dir>/name/node.def
+#/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/<dir>/name/node.def
+#/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/<dir>/name/node.def
+#/tunnel/node.tag/firewall/<dir>/name/node.def
+#/serial/node.tag/cisco-hdlc/vif/node.tag/firewall/<dir>/name/node.def
+#/serial/node.tag/frame-relay/vif/node.tag/firewall/<dir>/name/node.def
+#/serial/node.tag/ppp/vif/node.tag/firewall/<dir>/name/node.def
+
+sub show_interfaces {
+ my $chain = shift;
+ my $cmd = "find /opt/vyatta/config/active/ "
+ . "|grep -e '/firewall/[^/]\\+/name/node.val'"
+ . "| xargs grep -l '^$chain\$'";
+ my $ifd;
+ return if (!open($ifd, "$cmd |"));
+ my @ints = <$ifd>;
+ # e.g.,
+ #/opt/vyatta/config/active/interfaces/ethernet/eth1/firewall/in/name/node.val
+ my $pfx = '/opt/vyatta/config/active/interfaces';
+ my $sfx = '/name/node.val';
+ my @int_strs = ();
+ foreach (@ints) {
+ my ($intf, $vif, $dir) = (undef, undef, undef);
+ if (/^$pfx\/[^\/]+\/([^\/]+)(\/.*)?\/firewall\/([^\/]+)$sfx$/) {
+ ($intf, $dir) = ($1, $3);
+ $dir =~ y/a-z/A-Z/;
+ } else {
+ next;
+ }
+ if (/\/vif\/([^\/]+)\/firewall\//) {
+ $vif = $1;
+ push @int_strs, "($intf.$vif,$dir)";
+ } else {
+ push @int_strs, "($intf,$dir)";
+ }
+ }
+ if (scalar(@int_strs) > 0) {
+ print "\nActive on " . (join ' ', @int_strs) . "\n";
+ }
+}
+
sub show_chain {
my $chain = shift;
my $fh = shift;
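Review bot: In `show_interfaces`, `$chain` is interpolated into a shell pipeline (`xargs grep -l '^$chain\$'`) that is run through the two-argument `open($ifd, "$cmd |")`, so the chain name is parsed first by the shell and then by grep as a regular expression. Both call sites appear to pass names taken from the configuration (`listOrigNodes()` in the `-all` loop, and a `$chain_name` that has passed the "Invalid name" check), but nothing visible here restricts which characters those names may contain; a quote or shell metacharacter would alter the command, and a `.` would let one name match another chain's node.val. Running `find` through list-form `open` and comparing the file contents with `eq` in Perl removes both problems, and also closes the handle, which the new code never does. The sketch below keeps the existing path parsing; `-path` lets `*` span `/`, but the later `[^\/]+` match still filters those paths out.

```perl
sub show_interfaces {
  my $chain = shift;
  my $ifd;
  # list-form open: no shell is involved, so $chain is never parsed as
  # shell syntax or as a grep pattern
  return if (!open($ifd, '-|', 'find', '/opt/vyatta/config/active/',
                   '-path', '*/firewall/*/name/node.val'));
  my @ints = ();
  while (my $path = <$ifd>) {
    chomp $path;
    open(my $nfh, '<', $path) or next;
    my @names = <$nfh>;
    close $nfh;
    chomp @names;
    # exact string comparison instead of the regex '^$chain$'
    push @ints, $path if (grep { $_ eq $chain } @names);
  }
  close $ifd;
  # … unchanged: $pfx/$sfx parsing of @ints and the "Active on" print …
```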
@@ -87,6 +132,7 @@ my @chains = $config->listOrigNodes();
if ($chain_name eq "-all") {
foreach (@chains) {
print "Firewall \"$_\":\n";
+ show_interfaces($_);
open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
show_chain($_, *RENDER{IO});
close RENDER;
@@ -97,6 +143,7 @@ if ($chain_name eq "-all") {
print "Invalid name \"$chain_name\"\n";
exit 1;
}
+ show_interfaces($chain_name);
open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
show_chain($chain_name, *RENDER{IO});
close RENDER;