-rwxr-xr-x | scripts/firewall/vyatta-show-firewall.pl | 90 | ||||
-rw-r--r-- | templates/show/firewall/node.def | 1 | ||||
-rw-r--r-- | templates/show/firewall/node.tag/detail/node.def | 1 | ||||
-rw-r--r-- | templates/show/firewall/node.tag/detail/rule/node.tag/node.def | 2 | ||||
-rw-r--r-- | templates/show/firewall/node.tag/node.def | 9 | ||||
-rw-r--r-- | templates/show/firewall/node.tag/rule/node.tag/node.def | 2 |
6 files changed, 81 insertions, 24 deletions
diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl
index d693914..754cd92 100755
--- a/scripts/firewall/vyatta-show-firewall.pl
+++ b/scripts/firewall/vyatta-show-firewall.pl
@@ -69,12 +69,33 @@ sub show_interfaces {
 }
 }
-sub show_chain {
- my $chain = shift;
- my $fh = shift;
+# mapping from config node to iptables/ip6tables table
+my %table_hash = ( 'name' => 'filter',
+ 'ipv6-name' => 'filter',
+ 'modify' => 'mangle',
+ 'ipv6-modify' => 'mangle' );
+
+# mapping from config node to iptables command.
+my %cmd_hash = ( 'name' => 'iptables',
+ 'ipv6-name' => 'ip6tables',
+ 'modify' => 'iptables',
+ 'ipv6-modify' => 'ip6tables');
+
+# mapping from config node to printable string describing it.
+my %description_hash = ( 'name' => 'IPv4',
+ 'ipv6-name' => 'IPv6',
+ 'modify' => 'IPv4 Modify',
+ 'ipv6-modify' => 'IPv6 Modify');
+
+
+sub show_chain($$$) {
+ my ($chain, $fh, $tree) = @_;
+
+ my $table = $table_hash{$tree};
+ my $iptables_cmd = $cmd_hash{$tree};
 open my $iptables, "-|"
- or exec "sudo", "/sbin/iptables", "-L", $chain, "-vn"
+ or exec "sudo", "/sbin/$iptables_cmd", "-t", $table, "-L", $chain, "-vn"
 or exit 1;
 my @stats = ();
 while (<$iptables>) {
@@ -87,7 +108,7 @@ sub show_chain {
 print $fh "<opcommand name='firewallrules'><format type='row'>\n";
 my $config = new Vyatta::Config;
- $config->setLevel("firewall name $chain rule");
+ $config->setLevel("firewall $tree $chain rule");
 my @rules = sort numerically $config->listOrigNodes();
 foreach (@rules) {
 # just take the stats from the 1st iptables rule and remove unneeded stats
@@ -98,7 +119,7 @@ sub show_chain {
 my $pkts = shift @stats;
 my $bytes = shift @stats;
 my $rule = new Vyatta::IpTables::Rule;
- $rule->setupOrig("firewall name $chain rule $_");
+ $rule->setupOrig("firewall $tree $chain rule $_");
 my $ipt_rules = $rule->get_num_ipt_rules();
 splice(@stats, 0, (($ipt_rules - 1) * 2));
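Review bot: `sub show_chain($$$)` introduces a prototype, which only changes how calls are parsed (each argument is forced into scalar context) and does not validate arguments; the plain `sub show_chain {` with the existing `my ($chain, $fh, $tree) = @_;` unpacking is the conventional form. The lookups `$table_hash{$tree}` and `$cmd_hash{$tree}` have no guard, so a `$tree` outside the four known keys would hand an undefined `-t` value to the exec'd command; the callers visible later in this diff only iterate `keys %table_hash`, but a one-line precondition such as `die "unknown firewall tree '$tree'\n" unless exists $table_hash{$tree};` makes that explicit. The body of show_chain continues past the end of this hunk.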
@@ -129,28 +150,51 @@ sub show_chain {
 print $fh "</format></opcommand>\n";
 }
+my $tree;
 my $config = new Vyatta::Config;
-$config->setLevel("firewall name");
-my @chains = $config->listOrigNodes();
+my @chains;
+
 if ($chain_name eq "-all") {
- foreach (@chains) {
- print "Firewall \"$_\":\n";
- show_interfaces($_);
- open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
- show_chain($_, *RENDER{IO});
- close RENDER;
- print "-" x 80 . "\n";
+ # Print all rule sets in all four trees
+ foreach $tree (keys %table_hash) {
+ my $description = $description_hash{$tree};
+ $config->setLevel("firewall $tree");
+ @chains = $config->listOrigNodes();
+ foreach (@chains) {
+ print "$description Firewall \"$_\":\n";
+ show_interfaces($_);
+ open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
+ show_chain($_, *RENDER{IO}, $tree);
+ close RENDER;
+ print "-" x 80 . "\n";
+ }
 }
+ exit 0
 } else {
- if (scalar(grep(/^$chain_name$/, @chains)) <= 0) {
- print "Invalid name \"$chain_name\"\n";
- exit 1;
+ # Look through all four trees trying to find the rule set name passed in
+ foreach $tree (keys %table_hash) {
+ $config->setLevel("firewall $tree");
+ @chains = $config->listOrigNodes();
+ if (scalar(grep(/^$chain_name$/, @chains)) > 0) {
+ # Found it!
+ my $description = $description_hash{$tree};
+ print "$description Firewall \"$chain_name\":\n";
+ show_interfaces($chain_name);
+ open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
+ show_chain($chain_name, *RENDER{IO}, $tree);
+ close RENDER;
+ exit 0
+ }
 }
- show_interfaces($chain_name);
- open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;
- show_chain($chain_name, *RENDER{IO});
- close RENDER;
+
+ # Didn't find matching rule
+ print "Invalid firewall name \"$chain_name\"\n";
+ exit 1;
 }
-exit 0;
+# Local Variables:
+# mode: perl
+# indent-tabs-mode: nil
+# perl-indent-level: 2
+# End:
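Review bot: Both new loops use `foreach $tree (keys %table_hash)`, and Perl does not guarantee hash key order, so the `-all` listing comes out in a different tree order from run to run, and when the same rule-set name exists in more than one tree the single-name branch shows whichever tree happens to come first and `exit 0`s without looking at the rest; iterate a fixed list instead, `foreach $tree (qw(name ipv6-name modify ipv6-modify)) {`, in both places. The re-added `grep(/^$chain_name$/, @chains)` interpolates the name into a regex unescaped, and `$chain_name` appears to come from the command line (the templates pass `"$3"`), so metacharacters in it either match unintended names or abort on a malformed pattern; `grep { $_ eq $chain_name } @chains` is the exact comparison the code wants. The re-added `open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file")` also interpolates `$xsl_file` into a shell command line; the list form `open(RENDER, '|-', '/opt/vyatta/sbin/render_xml', $xsl_file) or exit 1;` runs the renderer without a shell. Where `$chain_name` and `$xsl_file` are assigned is outside this hunk.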
diff --git a/templates/show/firewall/node.def b/templates/show/firewall/node.def
index 376c8e3..dcce274 100644
--- a/templates/show/firewall/node.def
+++ b/templates/show/firewall/node.def
@@ -1,3 +1,4 @@
 help: Show firewall information
+
 run: ${vyatta_bindir}/vyatta-show-firewall.pl -all /opt/vyatta/share/xsl/show_firewall.xsl
diff --git a/templates/show/firewall/node.tag/detail/node.def b/templates/show/firewall/node.tag/detail/node.def
index 450efbd..636dae0 100644
--- a/templates/show/firewall/node.tag/detail/node.def
+++ b/templates/show/firewall/node.tag/detail/node.def
@@ -1,3 +1,4 @@
 help: Show detailed firewall rules inforamtion
+
 run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
index 998af2a..525035b 100644
--- a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
+++ b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def
@@ -1,4 +1,6 @@
 help: Show detailed information for specified firewall rule
+
 allowed: echo -n "<NUMBER>"
+
 run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$6"
diff --git a/templates/show/firewall/node.tag/node.def b/templates/show/firewall/node.tag/node.def
index fd72e01..78c9857 100644
--- a/templates/show/firewall/node.tag/node.def
+++ b/templates/show/firewall/node.tag/node.def
@@ -1,4 +1,11 @@
 help: Show firewall rules for given chain
-allowed: ls /opt/vyatta/config/active/firewall/name/ 2>/dev/null
+
+allowed:
+ l1=`ls /opt/vyatta/config/active/firewall/name/ 2>/dev/null`
+ l2=`ls /opt/vyatta/config/active/firewall/ipv6-name/ 2>/dev/null`
+ l3=`ls /opt/vyatta/config/active/firewall/modify/ 2>/dev/null`
+ l4=`ls /opt/vyatta/config/active/firewall/ipv6-modify/ 2>/dev/null`
+ echo $l1 $l2 $l3 $l3
+
 run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall.xsl
diff --git a/templates/show/firewall/node.tag/rule/node.tag/node.def b/templates/show/firewall/node.tag/rule/node.tag/node.def
index f9a9cc9..931c15d 100644
--- a/templates/show/firewall/node.tag/rule/node.tag/node.def
+++ b/templates/show/firewall/node.tag/rule/node.tag/node.def
@@ -1,4 +1,6 @@
 help: Show summary of firewall rules
+
 allowed: echo -n "<NUMBER>"
+
 run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3" /opt/vyatta/share/xsl/show_firewall.xsl "$5" |
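Review bot: `echo $l1 $l2 $l3 $l3` in the new `allowed:` script repeats `$l3` and never uses `$l4`, so rule sets under `ipv6-modify` are never offered for completion while the `modify` names are listed twice; the intended line is `echo $l1 $l2 $l3 $l4`. The `2>/dev/null` on each `ls` already keeps a missing tree from producing an error, so the last variable is the only thing that needs changing.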