From 543de3ad1e144d0ab8f31a47bee8b21bb1fae264 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Fri, 14 Dec 2007 18:26:36 -0800 Subject: Initial commit of operational mode templates and scripts for the firewall subsystem. --- AUTHORS | 1 + COPYING | 27 +++ ChangeLog | 0 Makefile.am | 22 ++ NEWS | 1 + README | 48 +++++ configure.ac | 32 +++ debian/README | 7 + debian/autogen.sh | 37 ++++ debian/changelog | 5 + debian/compat | 1 + debian/control | 18 ++ debian/copyright | 35 +++ debian/docs | 2 + debian/linda | 1 + debian/lintian | 2 + debian/rules | 102 +++++++++ scripts/firewall/vyatta-show-firewall.pl | 90 ++++++++ src/xsl/show_firewall.xsl | 202 ++++++++++++++++++ src/xsl/show_firewall_detail.xsl | 236 +++++++++++++++++++++ src/xsl/show_firewall_statistics.xsl | 108 ++++++++++ src/xsl/show_firewall_statistics_brief.xsl | 110 ++++++++++ .../clear/firewall/name/node.tag/counters/node.def | 3 + templates/show/firewall/node.def | 3 + templates/show/firewall/node.tag/detail/node.def | 3 + .../node.tag/detail/rule/node.tag/node.def | 3 + templates/show/firewall/node.tag/node.def | 3 + .../show/firewall/node.tag/rule/node.tag/node.def | 3 + .../show/firewall/node.tag/statistics/node.def | 3 + 29 files changed, 1108 insertions(+) create mode 100644 AUTHORS create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 Makefile.am create mode 100644 NEWS create mode 100644 README create mode 100644 configure.ac create mode 100644 debian/README create mode 100755 debian/autogen.sh create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/docs create mode 100644 debian/linda create mode 100644 debian/lintian create mode 100755 debian/rules create mode 100755 scripts/firewall/vyatta-show-firewall.pl create mode 100644 src/xsl/show_firewall.xsl create mode 100644 src/xsl/show_firewall_detail.xsl create mode 100644 src/xsl/show_firewall_statistics.xsl create mode 100644 src/xsl/show_firewall_statistics_brief.xsl create mode 100644 templates/clear/firewall/name/node.tag/counters/node.def create mode 100644 templates/show/firewall/node.def create mode 100644 templates/show/firewall/node.tag/detail/node.def create mode 100644 templates/show/firewall/node.tag/detail/rule/node.tag/node.def create mode 100644 templates/show/firewall/node.tag/node.def create mode 100644 templates/show/firewall/node.tag/rule/node.tag/node.def create mode 100644 templates/show/firewall/node.tag/statistics/node.def diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..ee635b2 --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +eng@vyatta.com diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..478965b --- /dev/null +++ b/COPYING @@ -0,0 +1,27 @@ +/* + * Package: vyatt-op-firewall + * + * **** License **** + * Version: VPL 1.0 + * + * The contents of this file are subject to the Vyatta Public License + * Version 1.0 ("License"); you may not use this file except in + * compliance with the License. You may obtain a copy of the License at + * http://www.vyatta.com/vpl + * + * Software distributed under the License is distributed on an "AS IS" + * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + * the License for the specific language governing rights and limitations + * under the License. + * + * This code was originally developed by Vyatta, Inc. + * Portions created by Vyatta are Copyright (C) "YEAR" Vyatta, Inc. + * All Rights Reserved. + * + * Author: Bob Gilligan + * Date: 2007 + * Description: Vyatta operational command completion and base templates + * + * **** End License **** + * + */ diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..e69de29 diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..d44534a --- /dev/null +++ b/Makefile.am @@ -0,0 +1,22 @@ +opdir = $(datadir)/vyatta-op/templates + +xsldir = @XSLDIR@ + +sbin_SCRIPTS = +xsl_DATA = + +sbin_SCRIPTS += scripts/firewall/vyatta-show-firewall.pl + +xsl_DATA += src/xsl/show_firewall_detail.xsl +xsl_DATA += src/xsl/show_firewall_statistics_brief.xsl +xsl_DATA += src/xsl/show_firewall_statistics.xsl +xsl_DATA += src/xsl/show_firewall.xsl + +cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ + cpio -0pd + +install-exec-hook: + mkdir -p $(DESTDIR)$(opdir) + cd templates; $(cpiop) $(DESTDIR)$(opdir) + + diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..78fdaa6 --- /dev/null +++ b/NEWS @@ -0,0 +1 @@ +see http://www.vyatta.com/news/ diff --git a/README b/README new file mode 100644 index 0000000..7d69913 --- /dev/null +++ b/README @@ -0,0 +1,48 @@ +This package has the Vyatta operational command completion script and +base template tree. The default root of this tree is: + /opt/vyatta/share/vyatta-op/templates + +Each directory within this tree is a respective command line argument; +for example, the .../templates/show/interfaces/ethernet directory +completes the command line "show interfaces ethernet". Thus, the +directory name is generally equivalent to the command or argument +name. The only exception are directories named "node.tag"; these +represent dynamic or variable command arguments. For example, +.../templates/show/interfaces/ethernet/node.tag completes the active +system interfaces like "show interfaces ethernet eth0". + +Every template directory must have one and only one file named +"node.def". This file defines the node help string and run command, +like .../templates/show/interfaces/node.def: + +help: "Show network interface information" +run: ${vyatta_bindir}/vyatta-show-interfaces + +Notes: + - field tags (i.e. help and run) must be at the start of line + - try to limit help strings to 64 characters + - run commands may span multiple lines but subsequent lines must + not begin with "WORD:" + +The run command is an evaluated shell expression that may contain the +positional command line argument variables (i.e. $1, $*, $@). +However, since the command itself, is evaluated through an aliased +function, $1 is the command name rather than the usual $0. So, the +command "show interfaces ethernet eth0" would evaluate the respective +run command with $4 == eth0. + +The variable argument .../node.tag/node.def files may also define an +"allowed" field. This is a misnomer since it's really used to produce +a list of possible completions rather than what is allowed during +execution. The fields contents are evaluated shell expression that +outputs (stdout) the list of possible completion values; like +.../templates/show/interfaces/ethernet/node.tag/node.def: + +help: "Show given ethernet interface information" +allowed: local -a array=( /sys/class/net/{eth,vmnet}* ) ; + echo -n ${array[@]##*/} +run: ${vyatta_bindir}/vyatta-show-interfaces ethernet $4 + +A blank or missing "allowed" field means that there is no completion +for the respective node; for such nodes a '*' placeholder tag is +displayed with the help text. diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..b9f650c --- /dev/null +++ b/configure.ac @@ -0,0 +1,32 @@ +# Process this file with autoconf to produce a configure script. +AC_PREREQ(2.59) + +m4_define([VERSION_ID], [m4_esyscmd([ + if test -f .version ; then + head -n 1 .version | tr -d \\n + else + echo -n 2.4 + fi])]) +AC_INIT([vyatta-op-firewall], VERSION_ID, [vyatta-support@vyatta.com]) + +test -n "$VYATTA_VERSION" || VYATTA_VERSION=$PACKAGE_VERSION + +AC_CONFIG_AUX_DIR([config]) +AM_INIT_AUTOMAKE([gnu no-dist-gzip dist-bzip2 subdir-objects]) +AC_PREFIX_DEFAULT([/opt/vyatta]) + +XSLDIR=/opt/vyatta/share/xsl/ + +AC_ARG_ENABLE([nostrip], + AC_HELP_STRING([--enable-nostrip], + [include -nostrip option during packaging]), + [NOSTRIP=-nostrip], [NOSTRIP=]) + +AC_CONFIG_FILES( + [Makefile]) + +AC_SUBST(NOSTRIP) +AC_SUBST(XSLDIR) + +AC_OUTPUT + diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..8f18bbd --- /dev/null +++ b/debian/README @@ -0,0 +1,7 @@ +The Debian Package vyatta-op-firewall +------------------------------------- + +This package has the CLI template for the "show firewall" command + + + -- Bob Gilligan Wed 12 Dec 2007 diff --git a/debian/autogen.sh b/debian/autogen.sh new file mode 100755 index 0000000..ff125d1 --- /dev/null +++ b/debian/autogen.sh @@ -0,0 +1,37 @@ +#!/bin/sh + + +if [ -d .git ] ; then +# generate GNU/Debian format ChangeLog from git log + + rm -f ChangeLog + + if which git2cl >/dev/null ; then + git-log --pretty --numstat --summary | git2cl >> ChangeLog + else + git-log --pretty=short >> ChangeLog + fi + +# append repository reference + + url=` git repo-config --get remote.origin.url` + test "x$url" = "x" && url=`pwd` + + branch=`git-branch --no-color | sed '/^\* /!d; s/^\* //'` + test "x$branch" = "x" && branch=master + + sha=`git log --pretty=oneline --no-color -n 1 | cut -c-8` + test "x$sha" = "x" && sha=00000000 + + echo "$url#$branch-$sha" >> ChangeLog + +fi + +rm -rf config +rm -f aclocal.m4 config.guess config.statusconfig.sub configure INSTALL + +autoreconf --force --install + +rm -f config.sub config.guess +ln -s /usr/share/misc/config.sub . +ln -s /usr/share/misc/config.guess . diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1e047b4 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +vyatta-op-firewall (0.1) unstable; urgency=low + + * Initial Release. + + -- Bob Gilligan Wed, 12 Nov 2007 15:29:15 -0700 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..b4acc52 --- /dev/null +++ b/debian/control @@ -0,0 +1,18 @@ +Source: vyatta-op-firewall +Section: contrib/net +Priority: extra +Maintainer: Bob Gilligan +Build-Depends: debhelper (>= 5), autotools-dev +Standards-Version: 3.7.2 + +Package: vyatta-op-firewall +Architecture: all +Depends: bash (>= 3.1), + vyatta-op +Suggests: util-linux (>= 2.13-5), + net-tools, + ethtool, + ncurses-bin (>= 5.5-5), + ntpdate +Description: Vyatta operational commands for firewall. + Vyatta operational commands for firewall. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..372ac2b --- /dev/null +++ b/debian/copyright @@ -0,0 +1,35 @@ +This package was debianized by Bob Gilligan on +Wed Dec 12 15:31:43 PST 2007 + + +It's original content from the GIT repository + +Upstream Author: + + + +Copyright: + + Copyright (C) 2007 Vyatta, Inc. + All Rights Reserved. + +License: + + The contents of this package are subject to the Vyatta Public License + Version 1.0 ("License"); you may not use this file except in + compliance with the License. You may obtain a copy of the License at + http://www.vyatta.com/vpl + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + This code was originally developed by Vyatta, Inc. + Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +The Debian packaging is (C) 2007, Vyatta, Inc., and +is licensed under the GPL, see above. diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..50bd824 --- /dev/null +++ b/debian/docs @@ -0,0 +1,2 @@ +NEWS +README diff --git a/debian/linda b/debian/linda new file mode 100644 index 0000000..0381d9d --- /dev/null +++ b/debian/linda @@ -0,0 +1 @@ +Tag: file-in-opt diff --git a/debian/lintian b/debian/lintian new file mode 100644 index 0000000..b648e16 --- /dev/null +++ b/debian/lintian @@ -0,0 +1,2 @@ +vyatta-op-firewall: file-in-unusual-dir +vyatta-op-firewall: dir-or-file-in-opt diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..a0aa472 --- /dev/null +++ b/debian/rules @@ -0,0 +1,102 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +PACKAGE=vyatta-op-firewall +PKGDIR=$(CURDIR)/debian/$(PACKAGE) + +CFLAGS = -Wall -g + +configure = ./configure +configure += --host=$(DEB_HOST_GNU_TYPE) +configure += --build=$(DEB_BUILD_GNU_TYPE) +configure += --prefix=/opt/vyatta +configure += --mandir=\$${prefix}/share/man +configure += --infodir=\$${prefix}/share/info +configure += CFLAGS="$(CFLAGS)" +configure += LDFLAGS="-Wl,-z,defs" + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +configure: configure.ac Makefile.am + chmod +x debian/autogen.sh + debian/autogen.sh + +config.status: configure + dh_testdir + rm -f config.cache + $(configure) + +build: build-stamp + +build-stamp: config.status + dh_testdir + $(MAKE) + touch $@ + +clean: clean-patched + +# Clean everything up, including everything auto-generated +# at build time that needs not to be kept around in the Debian diff +clean-patched: + dh_testdir + dh_testroot + if test -f Makefile ; then $(MAKE) clean distclean ; fi + rm -f build-stamp + rm -f config.status config.sub config.guess config.log + rm -f aclocal.m4 configure Makefile.in Makefile INSTALL + rm -f etc/default/vyatta + rm -rf config + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) DESTDIR=$(PKGDIR) install + + install -D --mode=0644 debian/lintian $(PKGDIR)/usr/share/lintian/overrides/$(PACKAGE) + install -D --mode=0644 debian/linda $(PKGDIR)/usr/share/linda/overrides/$(PACKAGE) + +# Build architecture-independent files here. +binary-indep: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_install + dh_installdebconf + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +binary-arch: build install +# This is an architecture independent package +# so; we have nothing to do by default. + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl new file mode 100755 index 0000000..241a03a --- /dev/null +++ b/scripts/firewall/vyatta-show-firewall.pl @@ -0,0 +1,90 @@ +#!/usr/bin/perl + +use lib "/opt/vyatta/share/perl5/"; +use VyattaConfig; +use VyattaIpTablesRule; +use VyattaIpTablesAddressFilter; + +exit 1 if ($#ARGV < 1); +my $chain_name = $ARGV[0]; +my $xsl_file = $ARGV[1]; +my $rule_num = $ARGV[2]; # rule number to match (optional) + +sub numerically { $a <=> $b; } + +sub show_chain { + my $chain = shift; + my $fh = shift; + + open(STATS, "iptables -L $chain -vn |") or exit 1; + my @stats = (); + while () { + if (!/^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s/) { + next; + } + push @stats, ($1, $2); + } + close STATS; + + print $fh "\n"; + my $config = new VyattaConfig; + $config->setLevel("firewall name $chain rule"); + my @rules = sort numerically $config->listOrigNodes(); + foreach (@rules) { + # just take the stats from the 1st iptables rule and remove unneeded stats + # (if this rule corresponds to multiple iptables rules). note that + # depending on how our rule is translated into multiple iptables rules, + # this may actually need to be the sum of all corresponding iptables stats + # instead of just taking the first pair. + my $pkts = shift @stats; + my $bytes = shift @stats; + my $rule = new VyattaIpTablesRule; + $rule->setupOrig("firewall name $chain rule $_"); + my $ipt_rules = $rule->get_num_ipt_rules(); + splice(@stats, 0, (($ipt_rules - 1) * 2)); + + if (defined($rule_num) && $rule_num != $_) { + next; + } + print $fh " \n"; + print $fh " $_\n"; + print $fh " $pkts\n"; + print $fh " $bytes\n"; + $rule->outputXml($fh); + print $fh " \n"; + } + if (!defined($rule_num)) { + # dummy rule + print $fh " \n"; + print $fh " 1025\n"; + my $pkts = shift @stats; + my $bytes = shift @stats; + print $fh " $pkts\n"; + print $fh " $bytes\n"; + my $rule = new VyattaIpTablesRule; + $rule->setupDummy(); + $rule->outputXml($fh); + print $fh " \n"; + } + print $fh "\n"; +} + +if ($chain_name eq "-all") { + my $config = new VyattaConfig; + $config->setLevel("firewall name"); + my @chains = $config->listOrigNodes(); + foreach (@chains) { + print "Firewall \"$_\":\n"; + open(RENDER, "| /opt/vyatta/libexec/xorp/render_xml $xsl_file") or exit 1; + show_chain($_, *RENDER{IO}); + close RENDER; + print "-" x 80 . "\n"; + } +} else { + open(RENDER, "| /opt/vyatta/libexec/xorp/render_xml $xsl_file") or exit 1; + show_chain($chain_name, *RENDER{IO}); + close RENDER; +} + +exit 0; + diff --git a/src/xsl/show_firewall.xsl b/src/xsl/show_firewall.xsl new file mode 100644 index 0000000..d40f024 --- /dev/null +++ b/src/xsl/show_firewall.xsl @@ -0,0 +1,202 @@ + + +]> + + + + + + + + + + + + + + + + + FORMAT HEADER LINES + + +&newln; +&newln; +State Codes: E - Established, I - Invalid, N - New, R - Related&newln; +&newln; +rule action source destination proto state +&newln; +---- ------ ------ ----------- ----- ----- +&newln; + + + + + + + + + + + + + + + + + + + + + + Range (use detail) + + + + 0.0.0.0/0 + + + + + + + + + + + + + + + + + Range (use detail) + + + + 0.0.0.0/0 + + + + + + + + + + E, + + + E + + + + + N, + + + N + + + + + R, + + + R + + + + + I, + + + I + + + + + any + + + + &newln; + + + + + src ports: + + + + , + + + + + + , + + + + + - + + + &newln; + + + + + + + dst ports: + + + + , + + + + + + , + + + + + - + + + &newln; + + + + + + diff --git a/src/xsl/show_firewall_detail.xsl b/src/xsl/show_firewall_detail.xsl new file mode 100644 index 0000000..6e970cb --- /dev/null +++ b/src/xsl/show_firewall_detail.xsl @@ -0,0 +1,236 @@ + + +]> + + + + + + + + + + + + + + + + + + +&newln; +&newln; + + + +Rule: + +&newln; + +Packets: + + + +Bytes: + +&newln; + +Action: + +&newln; + +Protocol: + +&newln; + +State: + + + E, + + + E + + + + + N, + + + N + + + + + R, + + + R + + + + + I, + + + I + + + + + any + + +&newln; + +Source +&newln; + Address: + + + + + + + + + + + + - + + + + + 0.0.0.0/0 + + +&newln; + Ports: + + + + + + + + + : + + + + + + + + + all + + + +&newln; +Destination +&newln; + Address: + + + + + + + + + + + + - + + + + + 0.0.0.0/0 + + +&newln; + Ports: + + + + + + + + + : + + + + + + + + + all + + + +&newln; + +ICMP Code: + + - + + + + + +&newln; + +ICMP Type: + + - + + + + + +&newln; +Logging: + + +&newln; + + ------------------------ + &newln; + + + + + + diff --git a/src/xsl/show_firewall_statistics.xsl b/src/xsl/show_firewall_statistics.xsl new file mode 100644 index 0000000..3c91dbe --- /dev/null +++ b/src/xsl/show_firewall_statistics.xsl @@ -0,0 +1,108 @@ + + +]> + + + + + + + + + + + + + + + + + +&newln; +&newln; +rule packets bytes action source destination +&newln; +---- ------- ----- ------ ------ ----------- +&newln; + + + + + + + + + + + + + + + + + + + + + + + + + + Range (use detail) + + + 0.0.0.0/0 + + + + + + + + + + + + + + + Range (use detail) + + + 0.0.0.0/0 + + + + +&newln; + + + + + diff --git a/src/xsl/show_firewall_statistics_brief.xsl b/src/xsl/show_firewall_statistics_brief.xsl new file mode 100644 index 0000000..fb03dc1 --- /dev/null +++ b/src/xsl/show_firewall_statistics_brief.xsl @@ -0,0 +1,110 @@ + + +]> + + + + + + + + + + + + + + + + + + + FORMAT HEADER LINES + + +&newln; +&newln; +State Codes: E - Established, I - Invalid, N - New, R - Related&newln; +&newln; +rule packets bytes action source destination +&newln; +---- ------- ----- ------ ------ ----------- +&newln; + + + + + + + + + + + + + + + + + + + + + + + Range (use detail) + + + + + + + + + + + + + + + + Range (use detail) + + + + + + + + + &newln; + + + + + diff --git a/templates/clear/firewall/name/node.tag/counters/node.def b/templates/clear/firewall/name/node.tag/counters/node.def new file mode 100644 index 0000000..7db183a --- /dev/null +++ b/templates/clear/firewall/name/node.tag/counters/node.def @@ -0,0 +1,3 @@ +help: Clear firewall counters +run: iptables -Z $4 + diff --git a/templates/show/firewall/node.def b/templates/show/firewall/node.def new file mode 100644 index 0000000..84d9b08 --- /dev/null +++ b/templates/show/firewall/node.def @@ -0,0 +1,3 @@ +help: Show firewall information +run: ${vyatta_sbindir}/vyatta-show-firewall.pl --all /opt/vyatta/xsl/show_firewall.xsl + diff --git a/templates/show/firewall/node.tag/detail/node.def b/templates/show/firewall/node.tag/detail/node.def new file mode 100644 index 0000000..bb41ddb --- /dev/null +++ b/templates/show/firewall/node.tag/detail/node.def @@ -0,0 +1,3 @@ +help: Show firewall rules (detail output) +run: ${vyatta_sbindir}/vyatta-show-firewall.pl $3 /opt/vyatta/xsl/show_firewall_tail.xsl + diff --git a/templates/show/firewall/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def new file mode 100644 index 0000000..70f91b3 --- /dev/null +++ b/templates/show/firewall/node.tag/detail/rule/node.tag/node.def @@ -0,0 +1,3 @@ +help: Show firewall rules (detail output) +run: ${vyatta_sbindir}/vyatta-show-firewall.pl $3 /opt/vyatta/xsl/show_firewall_tail.xsl $6 + diff --git a/templates/show/firewall/node.tag/node.def b/templates/show/firewall/node.tag/node.def new file mode 100644 index 0000000..6465754 --- /dev/null +++ b/templates/show/firewall/node.tag/node.def @@ -0,0 +1,3 @@ +help: Show firewall rules (summary output) +run: ${vyatta_sbindir}/vyatta-show-firewall.pl $3 /opt/vyatta/xsl/show_firewall.xsl + diff --git a/templates/show/firewall/node.tag/rule/node.tag/node.def b/templates/show/firewall/node.tag/rule/node.tag/node.def new file mode 100644 index 0000000..f862b10 --- /dev/null +++ b/templates/show/firewall/node.tag/rule/node.tag/node.def @@ -0,0 +1,3 @@ +help: Show firewall rules (summary output) +run: ${vyatta_sbindir}/vyatta-show-firewall.pl $3 /opt/vyatta/xsl/show_firewall.xsl $5 + diff --git a/templates/show/firewall/node.tag/statistics/node.def b/templates/show/firewall/node.tag/statistics/node.def new file mode 100644 index 0000000..2d160a5 --- /dev/null +++ b/templates/show/firewall/node.tag/statistics/node.def @@ -0,0 +1,3 @@ +help: Show firewall counter information +run: ${vyatta_sbindir}/vyatta-show-firewall.pl $3 /opt/vyatta/xsl/show_firewall_statistics.xsl + -- cgit v1.2.3