-rw-r--r--Makefile.am4
-rw-r--r--scripts/firewall/vyatta-clear-firewall96
-rwxr-xr-xscripts/firewall/vyatta-show-firewall.pl4
-rw-r--r--templates/clear/firewall/modify/node.def1
-rw-r--r--templates/clear/firewall/modify/node.tag/counters/node.def2
-rw-r--r--templates/clear/firewall/modify/node.tag/node.def2
-rw-r--r--templates/clear/firewall/modify/node.tag/rule/node.def1
-rw-r--r--templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def2
-rw-r--r--templates/clear/firewall/modify/node.tag/rule/node.tag/node.def2
-rw-r--r--templates/clear/firewall/name/node.tag/counters/node.def6
-rw-r--r--templates/clear/firewall/name/node.tag/rule/node.tag/counters/node.def22
-rw-r--r--templates/show/firewall/detail/node.def2
-rw-r--r--templates/show/firewall/statistics/node.def2
13 files changed, 117 insertions, 29 deletions
diff --git a/Makefile.am b/Makefile.am
index 715355b..beb3482 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,7 +4,9 @@ xsldir = @XSLDIR@
xsl_DATA =
-bin_SCRIPTS = scripts/firewall/vyatta-show-firewall.pl
+bin_SCRIPTS =
+bin_SCRIPTS += scripts/firewall/vyatta-show-firewall.pl
+bin_SCRIPTS += scripts/firewall/vyatta-clear-firewall
xsl_DATA += src/xsl/show_firewall_detail.xsl
xsl_DATA += src/xsl/show_firewall_statistics_brief.xsl
diff --git a/scripts/firewall/vyatta-clear-firewall b/scripts/firewall/vyatta-clear-firewall
new file mode 100644
index 0000000..ae48970
--- /dev/null
+++ b/scripts/firewall/vyatta-clear-firewall
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# Module: vyatta-clear-firewall
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2006-2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: February 2009
+# Description: Script to clear firewall counters
+#
+# **** End License ****
+#
+
+print_usage()
+{
+ echo "Usage:"
+ echo -e "\t$0 iptables/ip6tables table-name chain-name [rule-num]"
+}
+
+clear_chain() {
+ sudo $iptables_cmd -t $table_name -Z $chain_name 2>/dev/null
+ result=`echo $?`
+ if [ $result != 0 ]; then
+ echo Invalid $ip_version firewall $cli_tree chain \'$chain_name\'
+ exit 1
+ fi
+}
+
+clear_chain_rule() {
+ result=`sudo $iptables_cmd -t $table_name -L $chain_name 2>/dev/null`
+ result=`echo $?`
+ if [ $result != 0 ]; then
+ echo Invalid $ip_version firewall $cli_tree chain \'$chain_name\'
+ exit 1
+ else
+ iptables_rule_num=( `sudo $iptables_cmd -t $table_name -L $chain_name \
+ --line-numbers | grep "/\* $chain_name-$rule_num " | awk '{ print $1 }'` )
+ num_iptables_rules=${#iptables_rule_num[*]}
+ if [ $num_iptables_rules != 0 ]; then
+ i=0
+ while [ $i -lt $num_iptables_rules ]; do
+ sudo $iptables_cmd -t $table_name -Z $chain_name ${iptables_rule_num[$i]}
+ let i++
+ done
+ else
+ echo No \'rule $rule_num\' under $ip_version firewall $cli_tree chain \'$chain_name\'
+ exit 1
+ fi
+ fi
+}
+
+#
+# main
+#
+
+if [ $# -lt 3 ]; then
+ print_usage
+ exit 1
+fi
+
+iptables_cmd=$1
+table_name=$2
+chain_name=$3
+rule_num=$4
+
+if [[ '6' =~ $iptables_cmd ]]; then
+ ip_version="IPv6"
+else
+ ip_version="IPv4"
+fi
+
+if [[ 'filter' =~ $table_name ]]; then
+ cli_tree="name"
+else
+ cli_tree="modify"
+fi
+
+if [ -n "$rule_num" ]; then
+ clear_chain_rule
+else
+ clear_chain
+fi
+
+exit 0
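Review bot: `$iptables_cmd` is taken verbatim from `$1` and run under `sudo` in both `clear_chain` and `clear_chain_rule` without any check that it names iptables or ip6tables, so anyone able to invoke this installed script gets an arbitrary command run as root; the callers visible in this commit pass a literal `/sbin/iptables`, but a script placed in bin should enforce that itself. The `[[ '6' =~ $iptables_cmd ]]` and `[[ 'filter' =~ $table_name ]]` tests in main also have their operands reversed — the variable is used as the pattern and the literal as the subject — so `ip_version` reads IPv4 for an ip6tables invocation. An allowlist `case` on the command fixes both, `$rule_num` should be required to be numeric before it is interpolated into the `grep` pattern in `clear_chain_rule`, and the `$table_name`/`$chain_name`/`$rule_num` expansions passed to iptables should be double-quoted, as the replaced templates did with `-Z "$firewall_name"`.
```shell
iptables_cmd=$1
table_name=$2
chain_name=$3
rule_num=$4

# Only the firewall binaries this script is meant to drive may run under sudo.
case "$iptables_cmd" in
    /sbin/iptables)  ip_version="IPv4" ;;
    /sbin/ip6tables) ip_version="IPv6" ;;
    *) echo "Unsupported command '$iptables_cmd'"; print_usage; exit 1 ;;
esac

case "$table_name" in
    filter) cli_tree="name" ;;
    *)      cli_tree="modify" ;;
esac

# Rule numbers end up in a grep pattern; accept digits only.
if [ -n "$rule_num" ] && ! [[ "$rule_num" =~ ^[0-9]+$ ]]; then
    echo "Invalid rule number '$rule_num'"
    exit 1
fi

# … unchanged: dispatch to clear_chain_rule / clear_chain …
```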
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index 2de9061..f103dfc 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -142,7 +142,7 @@ sub show_chain($$$) {
$rule->outputXml($fh);
print $fh " </row>\n";
}
- if (!defined($rule_num)) {
+ if (!defined($rule_num) || ($rule_num == 1025)) {
# dummy rule
print $fh " <row>\n";
print $fh " <rule_number>1025</rule_number>\n";
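Review bot: The literal 1025 now appears in three places — the new `|| ($rule_num == 1025)` condition here, the `<rule_number>1025</rule_number>` line just below it, and the validation in the second hunk of this file — with nothing stating that it is the implicit default rule; a named constant near the top of the file, `use constant DEFAULT_RULE_NUM => 1025;   # implicit rule emitted after the configured ones`, used in all three places would keep them from drifting apart. The existing `# dummy rule` comment could also say when the row is emitted: `# implicit rule 1025: emitted when no rule was requested or when it was requested by number`. show_chain begins outside this hunk.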
@@ -219,7 +219,7 @@ if ($tree_name eq "all") {
#validate rule-num for given chain
$config->setLevel("firewall $tree $chain_name rule");
my @rules = $config->listOrigNodes();
- if (!(scalar(grep(/^$rule_num$/, @rules)) > 0)) {
+ if (!((scalar(grep(/^$rule_num$/, @rules)) > 0) || ($rule_num == 1025))) {
print "Invalid rule $rule_num under firewall instance [$chain_name] \n";
exit 1;
}
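Review bot: The rewritten condition still interpolates `$rule_num` unescaped into `grep(/^$rule_num$/, @rules)` and then compares it numerically with `== 1025`, so a non-numeric value from the command line is treated as a regex in the first test and numifies to 0 with a warning in the second. Rule numbers are exact names, so an equality test is what is meant: `if (!((grep { $_ eq $rule_num } @rules) || ($rule_num == 1025))) {`, ideally after a `$rule_num =~ /^\d+$/` check so the numeric comparison is always well-defined. The surrounding validation block begins before this hunk.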
diff --git a/templates/clear/firewall/modify/node.def b/templates/clear/firewall/modify/node.def
new file mode 100644
index 0000000..208c4f1
--- /dev/null
+++ b/templates/clear/firewall/modify/node.def
@@ -0,0 +1 @@
+help: Clear firewall statistics for chain
diff --git a/templates/clear/firewall/modify/node.tag/counters/node.def b/templates/clear/firewall/modify/node.tag/counters/node.def
new file mode 100644
index 0000000..e47bcdc
--- /dev/null
+++ b/templates/clear/firewall/modify/node.tag/counters/node.def
@@ -0,0 +1,2 @@
+help: Clear firewall counters
+run: /opt/vyatta/bin/vyatta-clear-firewall "/sbin/iptables" "mangle" "$4"
diff --git a/templates/clear/firewall/modify/node.tag/node.def b/templates/clear/firewall/modify/node.tag/node.def
new file mode 100644
index 0000000..458fcb7
--- /dev/null
+++ b/templates/clear/firewall/modify/node.tag/node.def
@@ -0,0 +1,2 @@
+help: Clear firewall rules for a given chain
+allowed: ls /opt/vyatta/config/active/firewall/modify/ 2>/dev/null
diff --git a/templates/clear/firewall/modify/node.tag/rule/node.def b/templates/clear/firewall/modify/node.tag/rule/node.def
new file mode 100644
index 0000000..ff490a2
--- /dev/null
+++ b/templates/clear/firewall/modify/node.tag/rule/node.def
@@ -0,0 +1 @@
+help: Clear firewall statistics for a rule
diff --git a/templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def b/templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def
new file mode 100644
index 0000000..d3cbae8
--- /dev/null
+++ b/templates/clear/firewall/modify/node.tag/rule/node.tag/counters/node.def
@@ -0,0 +1,2 @@
+help: Clear counters for specified rule
+run: /opt/vyatta/bin/vyatta-clear-firewall "/sbin/iptables" "mangle" "$4" "$6"
diff --git a/templates/clear/firewall/modify/node.tag/rule/node.tag/node.def b/templates/clear/firewall/modify/node.tag/rule/node.tag/node.def
new file mode 100644
index 0000000..80a0676
--- /dev/null
+++ b/templates/clear/firewall/modify/node.tag/rule/node.tag/node.def
@@ -0,0 +1,2 @@
+help: Clear firewall statistics for given rule
+allowed: ls /opt/vyatta/config/active/firewall/modify/${COMP_WORDS[COMP_CWORD-2]}/rule/ 2>/dev/null
diff --git a/templates/clear/firewall/name/node.tag/counters/node.def b/templates/clear/firewall/name/node.tag/counters/node.def
index 61819b1..47eb883 100644
--- a/templates/clear/firewall/name/node.tag/counters/node.def
+++ b/templates/clear/firewall/name/node.tag/counters/node.def
@@ -1,6 +1,2 @@
help: Clear firewall counters
-run: sudo /sbin/iptables -Z "$4" 2>/dev/null
- result=`echo $?`
- if [ $result != 0 ]; then
- echo Invalid firewall name \'$4\'
- fi
+run: /opt/vyatta/bin/vyatta-clear-firewall "/sbin/iptables" "filter" "$4"
diff --git a/templates/clear/firewall/name/node.tag/rule/node.tag/counters/node.def b/templates/clear/firewall/name/node.tag/rule/node.tag/counters/node.def
index c960e9e..29b1f0b 100644
--- a/templates/clear/firewall/name/node.tag/rule/node.tag/counters/node.def
+++ b/templates/clear/firewall/name/node.tag/rule/node.tag/counters/node.def
@@ -1,22 +1,2 @@
help: Clear counters for specified rule
-run:
- firewall_name=$4
- cli_rule_num=$6
- result=`sudo /sbin/iptables -L $firewall_name 2>/dev/null`
- result=`echo $?`
- if [ $result != 0 ]; then
- echo Invalid firewall name \'$firewall_name\'
- else
- iptables_rule_num=( `sudo /sbin/iptables -L $firewall_name --line-numbers \
- | grep "/\* $firewall_name-$cli_rule_num " | awk '{ print $1 }'` )
- num_iptables_rules=${#iptables_rule_num[*]}
- if [ $num_iptables_rules != 0 ]; then
- i=0
- while [ $i -lt $num_iptables_rules ]; do
- sudo /sbin/iptables -Z "$firewall_name" "${iptables_rule_num[$i]}"
- let i++
- done
- else
- echo No \'rule $cli_rule_num\' under firewall name \'$firewall_name\'
- fi
- fi
+run: /opt/vyatta/bin/vyatta-clear-firewall "/sbin/iptables" "filter" "$4" "$6"
diff --git a/templates/show/firewall/detail/node.def b/templates/show/firewall/detail/node.def
new file mode 100644
index 0000000..97b88db
--- /dev/null
+++ b/templates/show/firewall/detail/node.def
@@ -0,0 +1,2 @@
+help: Show detailed firewall information
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "all_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/statistics/node.def b/templates/show/firewall/statistics/node.def
new file mode 100644
index 0000000..7d09e66
--- /dev/null
+++ b/templates/show/firewall/statistics/node.def
@@ -0,0 +1,2 @@
+help: Show firewall counter information
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "all_all" /opt/vyatta/share/xsl/show_firewall_statistics.xsl