-rw-r--r--debian/changelog15
-rw-r--r--debian/control3
-rwxr-xr-xscripts/firewall/vyatta-show-firewall.pl20
-rw-r--r--src/xsl/show_firewall.xsl42
-rw-r--r--src/xsl/show_firewall_detail.xsl28
-rw-r--r--templates/show/firewall/node.tag/detail/node.def2
-rw-r--r--templates/show/firewall/node.tag/detail/rule/node.tag/node.def2
-rw-r--r--templates/show/firewall/node.tag/node.def2
-rw-r--r--templates/show/firewall/node.tag/rule/node.tag/node.def2
-rw-r--r--templates/show/firewall/node.tag/statistics/node.def2
10 files changed, 49 insertions, 69 deletions
diff --git a/debian/changelog b/debian/changelog
index 1e047b4..21f24cf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+vyatta-op-firewall (0.2) unstable; urgency=low
+
+ vc4.0.0
+ [ Mark O'Brien ]
+
+
+ [ An-Cheng Huang ]
+ * merge ports in show output
+ * add error checking for show command
+ * fix quoting in show command templates
+
+ [ Mark O'Brien ]
+
+ -- Mark O'Brien <mobrien@vyatta.com> Mon, 25 Feb 2008 17:39:14 -0800
+
vyatta-op-firewall (0.1) unstable; urgency=low
* Initial Release.
diff --git a/debian/control b/debian/control
index b4acc52..33de101 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,8 @@ Standards-Version: 3.7.2
Package: vyatta-op-firewall
Architecture: all
Depends: bash (>= 3.1),
- vyatta-op
+ vyatta-op,
+ vyatta-op-xml
Suggests: util-linux (>= 2.13-5),
net-tools,
ethtool,
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index 57a34fa..4995a09 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -10,6 +10,16 @@ my $chain_name = $ARGV[0];
my $xsl_file = $ARGV[1];
my $rule_num = $ARGV[2]; # rule number to match (optional)
+if (! -e $xsl_file) {
+ print "Invalid XSL file \"$xsl_file\"\n";
+ exit 1;
+}
+
+if (defined($rule_num) && (!($rule_num =~ /^\d+$/) || ($rule_num > 1025))) {
+ print "Invalid rule number \"$rule_num\"\n";
+ exit 1;
+}
+
sub numerically { $a <=> $b; }
sub show_chain {
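Review bot: The `-e $xsl_file` test added at the top is the only check on that argument before it is interpolated into the shell command string of the piped `open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file")` calls seen later in this file; an existence test neither limits it to a regular stylesheet file nor keeps the shell from interpreting it. Because the templates run this script under sudo, I would test `-f` and pass the path as a list argument, `open(RENDER, '|-', '/opt/vyatta/sbin/render_xml', $xsl_file) or exit 1;`, so that no shell is involved. In the rule-number check, `/^\d+$/` also accepts a trailing newline, whereas `/\A\d+\z/` is exact, and the limit `1025` deserves a named constant or a comment saying where it comes from. Both messages are errors and would be better printed to STDERR.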
@@ -69,10 +79,10 @@ sub show_chain {
print $fh "</format></opcommand>\n";
}
+my $config = new VyattaConfig;
+$config->setLevel("firewall name");
+my @chains = $config->listOrigNodes();
if ($chain_name eq "-all") {
- my $config = new VyattaConfig;
- $config->setLevel("firewall name");
- my @chains = $config->listOrigNodes();
foreach (@chains) {
print "Firewall \"$_\":\n";
open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
@@ -81,6 +91,10 @@ if ($chain_name eq "-all") {
print "-" x 80 . "\n";
}
} else {
+ if (scalar(grep(/^$chain_name$/, @chains)) <= 0) {
+ print "Invalid name \"$chain_name\"\n";
+ exit 1;
+ }
open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
show_chain($chain_name, *RENDER{IO});
close RENDER;
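Review bot: In the new `else` branch, `grep(/^$chain_name$/, @chains)` compiles the user-supplied name as a regular expression, so a name containing pattern metacharacters can pass the check without being equal to any configured chain (or make the pattern fail to compile), and that string is then handed to `show_chain`. An exact comparison avoids this: `if (!grep { $_ eq $chain_name } @chains) {`. It matters more than usual here because the op-mode templates invoke this script through sudo.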
diff --git a/src/xsl/show_firewall.xsl b/src/xsl/show_firewall.xsl
index d40f024..158d970 100644
--- a/src/xsl/show_firewall.xsl
+++ b/src/xsl/show_firewall.xsl
@@ -147,52 +147,22 @@
<xsl:text>&newln;</xsl:text>
- <xsl:if test="src_port_num!='' or src_port_name!='' or src_port_start!=''">
+ <xsl:if test="src_port!=''">
<xsl:value-of select="$pad6"/>
<xsl:value-of select="$pad8"/>
<xsl:text>src ports: </xsl:text>
- <xsl:if test="src_port_num!=''">
- <xsl:value-of select="src_port_num"/>
- <xsl:if test="src_port_name!='' or src_port_start!=''">
- <xsl:text>,</xsl:text>
- </xsl:if>
- </xsl:if>
- <xsl:if test="src_port_name!=''">
- <xsl:value-of select="src_port_name"/>
- <xsl:if test="src_port_start!=''">
- <xsl:text>,</xsl:text>
- </xsl:if>
- </xsl:if>
- <xsl:if test="src_port_start!=''">
- <xsl:value-of select="src_port_start"/>
- <xsl:text>-</xsl:text>
- <xsl:value-of select="src_port_stop"/>
- </xsl:if>
+ <xsl:value-of select="src_port"/>
+
<xsl:text>&newln;</xsl:text>
</xsl:if>
- <xsl:if test="dst_port_num!='' or dst_port_name!='' or dst_port_start!=''">
+ <xsl:if test="dst_port!=''">
<xsl:value-of select="$pad6"/>
<xsl:value-of select="$pad8"/>
<xsl:value-of select="$pad20"/>
<xsl:text>dst ports: </xsl:text>
- <xsl:if test="dst_port_num!=''">
- <xsl:value-of select="dst_port_num"/>
- <xsl:if test="dst_port_name!='' or dst_port_start!=''">
- <xsl:text>,</xsl:text>
- </xsl:if>
- </xsl:if>
- <xsl:if test="dst_port_name!=''">
- <xsl:value-of select="dst_port_name"/>
- <xsl:if test="dst_port_start!=''">
- <xsl:text>,</xsl:text>
- </xsl:if>
- </xsl:if>
- <xsl:if test="dst_port_start!=''">
- <xsl:value-of select="dst_port_start"/>
- <xsl:text>-</xsl:text>
- <xsl:value-of select="dst_port_stop"/>
- </xsl:if>
+ <xsl:value-of select="dst_port"/>
+
<xsl:text>&newln;</xsl:text>
</xsl:if>
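Review bot: The new `src_port!=''` and `dst_port!=''` tests assume the XML fed to this stylesheet already carries merged `src_port`/`dst_port` elements, but nothing in the visible hunks of vyatta-show-firewall.pl starts emitting them, so the producer is presumably in another package. If an older producer is installed, these tests are simply false and the port lines disappear from the output without any error; a versioned `Depends:` on the package that emits the merged elements would rule that out. The same applies to both hunks of show_firewall_detail.xsl, where the test also changes from `!='0'` to `!=''`, so it is worth confirming that an unset port now arrives empty rather than as `0`. The enclosing templates start and end outside these hunks.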
diff --git a/src/xsl/show_firewall_detail.xsl b/src/xsl/show_firewall_detail.xsl
index 6e970cb..bd817c8 100644
--- a/src/xsl/show_firewall_detail.xsl
+++ b/src/xsl/show_firewall_detail.xsl
@@ -135,18 +135,8 @@
<xsl:text> Ports: </xsl:text>
<xsl:choose>
- <xsl:when test="src_port_num!='0'">
- <xsl:value-of select="src_port_num"/>
- </xsl:when>
-
- <xsl:when test="src_port_start!='0'">
- <xsl:value-of select="src_port_start"/>
- <xsl:text>:</xsl:text>
- <xsl:value-of select="src_port_stop"/>
- </xsl:when>
-
- <xsl:when test="src_port_name!=''">
- <xsl:value-of select="src_port_name"/>
+ <xsl:when test="src_port!=''">
+ <xsl:value-of select="src_port"/>
</xsl:when>
<xsl:otherwise>
@@ -181,18 +171,8 @@
<xsl:text> Ports: </xsl:text>
<xsl:choose>
- <xsl:when test="dst_port_num!='0'">
- <xsl:value-of select="dst_port_num"/>
- </xsl:when>
-
- <xsl:when test="dst_port_start!='0'">
- <xsl:value-of select="dst_port_start"/>
- <xsl:text>:</xsl:text>
- <xsl:value-of select="dst_port_stop"/>
- </xsl:when>
-
- <xsl:when test="dst_port_name!=''">
- <xsl:value-of select="dst_port_name"/>
+ <xsl:when test="dst_port!=''">
+ <xsl:value-of select="dst_port"/>
</xsl:when>
<xsl:otherwise>
diff --git a/templates/show/firewall/node.tag/detail/node.def b/templates/show/firewall/node.tag/detail/node.def
index f5295dd..0e007dc 100644
--- a/templates/show/firewall/node.tag/detail/node.def
+++ b/templates/show/firewall/node.tag/detail/node.def
@@ -1,3 +1,3 @@
help: Show firewall rules (detail output)
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_detail.xsl
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
index f3af458..fa350cf 100644
--- a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
+++ b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
@@ -1,4 +1,4 @@
help: Show detailed information about one firewall rule
allowed: echo -n "<NUMBER>"
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_detail.xsl $6
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$6"
diff --git a/templates/show/firewall/node.tag/node.def b/templates/show/firewall/node.tag/node.def
index 134ad7d..0ec0f97 100644
--- a/templates/show/firewall/node.tag/node.def
+++ b/templates/show/firewall/node.tag/node.def
@@ -1,4 +1,4 @@
help: Show firewall rules for given chain
allowed: sudo ${vyatta_bindir}/sudo-users/iptables --list -n | /bin/grep ^Chain | /usr/bin/awk '{ print $2 }'
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall.xsl
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall.xsl
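Review bot: The `allowed:` line kept in this template completes chain names from `iptables --list`, while the script now rejects any name that is not a `firewall name` config node, so completion can offer names (presumably including the built-in chains) that the command then answers with "Invalid name". Deriving the completion list from the same config nodes, plus `-all` if that is meant to be typed, would keep the two in agreement.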
diff --git a/templates/show/firewall/node.tag/rule/node.tag/node.def b/templates/show/firewall/node.tag/rule/node.tag/node.def
index cf252ed..4dbf8c1 100644
--- a/templates/show/firewall/node.tag/rule/node.tag/node.def
+++ b/templates/show/firewall/node.tag/rule/node.tag/node.def
@@ -1,4 +1,4 @@
help: Show firewall rules (summary output)
allowed: echo -n "<NUMBER>"
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall.xsl $5
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall.xsl "$5"
diff --git a/templates/show/firewall/node.tag/statistics/node.def b/templates/show/firewall/node.tag/statistics/node.def
index fcbdddc..21616cf 100644
--- a/templates/show/firewall/node.tag/statistics/node.def
+++ b/templates/show/firewall/node.tag/statistics/node.def
@@ -1,3 +1,3 @@
help: Show firewall counter information
-run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl $3 /opt/vyatta/share/xsl/show_firewall_statistics.xsl
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall_statistics.xsl