diff options
| author | Stig Thormodsrud <stig@vyatta.com> | 2010-11-29 15:57:22 -0800 |
|---|---|---|
| committer | Stig Thormodsrud <stig@vyatta.com> | 2010-11-29 15:57:22 -0800 |
| commit | fa38551031d0a0e37663fe465b3847f652b2c5a4 (patch) | |
| tree | d9ed74d33ea3d773cb89a19955190857c64a9756 /scripts/firewall/vyatta-show-firewall.pl | |
| parent | e95a1384c6d0ac25e41b3b201e5524c0488e3714 (diff) | |
| download | vyatta-op-firewall-fa38551031d0a0e37663fe465b3847f652b2c5a4.tar.gz vyatta-op-firewall-fa38551031d0a0e37663fe465b3847f652b2c5a4.zip | |
Fix 5163: 'show firewall' displays misleading output when firewall groups are used
Replace "show firewall" with "show firewall detail" output.
Diffstat (limited to 'scripts/firewall/vyatta-show-firewall.pl')
| -rwxr-xr-x | scripts/firewall/vyatta-show-firewall.pl | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl index 06b2f51..77a312b 100755 --- a/scripts/firewall/vyatta-show-firewall.pl +++ b/scripts/firewall/vyatta-show-firewall.pl @@ -265,7 +265,12 @@ sub print_detail_rule { # check from CLI if we have a condition set that creates more than 1 iptable rule # currenly LOG, RECENT, protocol tcp_udp in a CLI rule result in more than 1 iptable rule my $cli_rule = new Vyatta::IpTables::Rule; - $cli_rule->setupOrig("firewall $tree $chain rule $rule"); + if ($rule eq $max_rule) { + $cli_rule->setupDummy("firewall $tree $chain"); + $cli_rule->set_ip_version($ip_version_hash{$tree}); + } else { + $cli_rule->setupOrig("firewall $tree $chain rule $rule"); + } if (defined $cli_rule->{_log} && "$cli_rule->{_log}" eq "enable") { # log enabled in rule so actual rule in iptables is second rule @@ -336,17 +341,18 @@ sub print_detail_rule { } $string_words_part1[2]=$cli_rule->{_action} if defined $cli_rule->{_action}; - $string_words_part1[2]='drop' if $rule == $max_rule; if ($iptables_cmd =~ /6/) { @string_words_part2=splice(@string_words, 2, 2);# source, destination } else { @string_words_part2=splice(@string_words, 3, 2);# source, destination } - if ($iptables_cmd =~ /6/) { - @string_words_part3=splice(@string_words, 5);# all other matches after comment - } else { - @string_words_part3=splice(@string_words, 6);# all other matches after comment + if ($rule != $max_rule) { + if ($iptables_cmd =~ /6/) { + @string_words_part3=splice(@string_words, 5);# all other matches after comment + } else { + @string_words_part3=splice(@string_words, 6);# all other matches after comment + } } my $condition='condition - '; my $string_for_part3 = join (" ", @string_words_part3); @@ -391,7 +397,7 @@ sub print_detail_rule { "$string_words_part1[0]", "$string_words_part1[1]"); print "\n"; # print condition - if ($string_for_part3 =~ /\w/ and $rule != $max_rule) { + if ($string_for_part3 =~ /\w/) { while (length($string_for_part3) > 66) { my $condition_str = substr $string_for_part3, 0 , 66; $condition .= $condition_str; |