From fa38551031d0a0e37663fe465b3847f652b2c5a4 Mon Sep 17 00:00:00 2001 
From: Stig Thormodsrud Date: Mon, 29 Nov 2010 15:57:22 -0800 Subject: Fix 5163: 'show firewall' displays misleading output when firewall groups are used Replace "show firewall" with "show firewall detail" output. --- scripts/firewall/vyatta-show-firewall.pl | 20 +++++++++++++------- templates/show/firewall/detail/node.def | 2 -- templates/show/firewall/ipv6-modify/detail/node.def | 2 -- templates/show/firewall/ipv6-modify/node.def | 2 +- .../firewall/ipv6-modify/node.tag/detail/node.def | 3 --- .../ipv6-modify/node.tag/detail/rule/node.def | 1 - .../node.tag/detail/rule/node.tag/node.def | 8 -------- .../show/firewall/ipv6-modify/node.tag/node.def | 2 +- .../ipv6-modify/node.tag/rule/node.tag/node.def | 2 +- templates/show/firewall/ipv6-name/detail/node.def | 2 -- templates/show/firewall/ipv6-name/node.def | 2 +- .../show/firewall/ipv6-name/node.tag/detail/node.def | 3 --- .../firewall/ipv6-name/node.tag/detail/rule/node.def | 1 - .../ipv6-name/node.tag/detail/rule/node.tag/node.def | 8 -------- templates/show/firewall/ipv6-name/node.tag/node.def | 2 +- .../ipv6-name/node.tag/rule/node.tag/node.def | 2 +- templates/show/firewall/modify/detail/node.def | 2 -- templates/show/firewall/modify/node.def | 2 +- .../show/firewall/modify/node.tag/detail/node.def | 3 --- .../firewall/modify/node.tag/detail/rule/node.def | 1 - .../modify/node.tag/detail/rule/node.tag/node.def | 8 -------- templates/show/firewall/modify/node.tag/node.def | 2 +- .../firewall/modify/node.tag/rule/node.tag/node.def | 2 +- templates/show/firewall/name/detail/node.def | 2 -- templates/show/firewall/name/node.def | 2 +- .../show/firewall/name/node.tag/detail/node.def | 3 --- .../show/firewall/name/node.tag/detail/rule/node.def | 1 - .../name/node.tag/detail/rule/node.tag/node.def | 8 -------- templates/show/firewall/name/node.tag/node.def | 2 +- .../firewall/name/node.tag/rule/node.tag/node.def | 2 +- templates/show/firewall/node.def | 3 +-- 31 files changed, 26 insertions(+), 79 deletions(-) delete 
mode 100644 templates/show/firewall/detail/node.def delete mode 100644 templates/show/firewall/ipv6-modify/detail/node.def delete mode 100644 templates/show/firewall/ipv6-modify/node.tag/detail/node.def delete mode 100644 templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.def delete mode 100644 templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.tag/node.def delete mode 100644 templates/show/firewall/ipv6-name/detail/node.def delete mode 100644 templates/show/firewall/ipv6-name/node.tag/detail/node.def delete mode 100644 templates/show/firewall/ipv6-name/node.tag/detail/rule/node.def delete mode 100644 templates/show/firewall/ipv6-name/node.tag/detail/rule/node.tag/node.def delete mode 100644 templates/show/firewall/modify/detail/node.def delete mode 100644 templates/show/firewall/modify/node.tag/detail/node.def delete mode 100644 templates/show/firewall/modify/node.tag/detail/rule/node.def delete mode 100644 templates/show/firewall/modify/node.tag/detail/rule/node.tag/node.def delete mode 100644 templates/show/firewall/name/detail/node.def delete mode 100644 templates/show/firewall/name/node.tag/detail/node.def delete mode 100644 templates/show/firewall/name/node.tag/detail/rule/node.def delete mode 100644 templates/show/firewall/name/node.tag/detail/rule/node.tag/node.def diff --git a/scripts/firewall/vyatta-show-firewall.pl b/scripts/firewall/vyatta-show-firewall.pl index 06b2f51..77a312b 100755 --- a/scripts/firewall/vyatta-show-firewall.pl +++ b/scripts/firewall/vyatta-show-firewall.pl 
@@ -265,7 +265,12 @@ sub print_detail_rule { # check from CLI if we have a condition set that creates more than 1 iptable rule # currenly LOG, RECENT, protocol tcp_udp in a CLI rule result in more than 1 iptable rule my $cli_rule = new Vyatta::IpTables::Rule; - $cli_rule->setupOrig("firewall $tree $chain rule $rule"); + if ($rule eq $max_rule) { + $cli_rule->setupDummy("firewall $tree $chain"); + $cli_rule->set_ip_version($ip_version_hash{$tree}); + } else { + $cli_rule->setupOrig("firewall $tree $chain rule $rule"); + } if (defined $cli_rule->{_log} && "$cli_rule->{_log}" eq "enable") { # log enabled in rule so actual rule in iptables is second rule @@ -336,17 +341,18 @@ sub print_detail_rule { } $string_words_part1[2]=$cli_rule->{_action} if defined $cli_rule->{_action}; - $string_words_part1[2]='drop' if $rule == $max_rule; if ($iptables_cmd =~ /6/) { @string_words_part2=splice(@string_words, 2, 2);# source, destination } else { @string_words_part2=splice(@string_words, 3, 2);# source, destination } - if ($iptables_cmd =~ /6/) { - @string_words_part3=splice(@string_words, 5);# all other matches after comment - } else { - @string_words_part3=splice(@string_words, 6);# all other matches after comment + if ($rule != $max_rule) { + if ($iptables_cmd =~ /6/) { + @string_words_part3=splice(@string_words, 5);# all other matches after comment + } else { + @string_words_part3=splice(@string_words, 6);# all other matches after comment + } } my $condition='condition - '; my $string_for_part3 = join (" ", @string_words_part3); @@ -391,7 +397,7 @@ sub print_detail_rule { "$string_words_part1[0]", "$string_words_part1[1]"); print "\n"; # print condition - if ($string_for_part3 =~ /\w/ and $rule != $max_rule) { + if ($string_for_part3 =~ /\w/) { while (length($string_for_part3) > 66) { my $condition_str = substr $string_for_part3, 0 , 66; $condition .= $condition_str; 
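Review bot: The added default-rule branch compares with `$rule eq $max_rule` (string), while the guard added in the second hunk uses `$rule != $max_rule` (numeric). Using one operator for both, e.g. `if ($rule == $max_rule) {`, keeps the two branches from disagreeing if either value is ever formatted differently. `$ip_version_hash{$tree}` is passed to `set_ip_version` unchecked; the hash is defined outside the hunk, so it is worth confirming that every `$tree` value reaching this point has an entry. print_detail_rule starts and ends outside the hunk.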
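Review bot: With the hard-coded `'drop'` line removed, the action shown for the chain's default rule (`$rule == $max_rule`) comes only from `$cli_rule->{_action}`; when that is undefined, column 2 keeps whatever was parsed from the iptables output. setupDummy is not visible here, so confirm it sets `_action` from the configured default action, since operators read this output when auditing policy and a wrong action on the final rule would mislead them in the same way as the bug being fixed. A comment above the new `if ($rule != $max_rule)` block would help, e.g. `# default rule has no user-defined matches; leave part3 empty so no condition line is printed`. The third hunk's relaxed `/\w/` test relies on `@string_words_part3` being empty at that point, and its declaration is outside the hunk.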
diff --git a/templates/show/firewall/detail/node.def b/templates/show/firewall/detail/node.def
deleted file mode 100644
index 97b88db..0000000
--- a/templates/show/firewall/detail/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show detailed firewall information
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "all_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-modify/detail/node.def b/templates/show/firewall/ipv6-modify/detail/node.def
deleted file mode 100644
index 5fb43bc..0000000
--- a/templates/show/firewall/ipv6-modify/detail/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show detailed firewall information
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-modify/node.def b/templates/show/firewall/ipv6-modify/node.def
index 124ca92..4aee1ea 100644
--- a/templates/show/firewall/ipv6-modify/node.def
+++ b/templates/show/firewall/ipv6-modify/node.def
@@ -1,2 +1,2 @@
 help: Show IPv6 firewall modify chains
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-modify/node.tag/detail/node.def b/templates/show/firewall/ipv6-modify/node.tag/detail/node.def
deleted file mode 100644
index 01c34a1..0000000
--- a/templates/show/firewall/ipv6-modify/node.tag/detail/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show detailed IPv6 firewall modify rules information
-
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.def b/templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.def
deleted file mode 100644
index a4f9757..0000000
--- a/templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.def
+++ /dev/null
@@ -1 +0,0 @@ -help: Show detailed IPv6 firewall modify rules information diff --git a/templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.tag/node.def deleted file mode 100644 index 9fcb7a1..0000000 --- a/templates/show/firewall/ipv6-modify/node.tag/detail/rule/node.tag/node.def +++ /dev/null @@ -1,8 +0,0 @@ -help: Show detailed information for specified IPv6 firewall modify rule - -allowed: local -a vals - eval "vals=($(cli-shell-api listActiveNodes \ - firewall ipv6-modify ${COMP_WORDS[COMP_CWORD-3]} rule))" - echo -n ${vals[@]} - -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$7" diff --git a/templates/show/firewall/ipv6-modify/node.tag/node.def b/templates/show/firewall/ipv6-modify/node.tag/node.def index d184b97..60f872b 100644 --- a/templates/show/firewall/ipv6-modify/node.tag/node.def +++ b/templates/show/firewall/ipv6-modify/node.tag/node.def @@ -4,4 +4,4 @@ allowed: local -a vals eval "vals=($(cli-shell-api listActiveNodes firewall ipv6-modify))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl diff --git a/templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def b/templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def index d0aa3db..fa7b4cb 100644 --- a/templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def +++ b/templates/show/firewall/ipv6-modify/node.tag/rule/node.tag/node.def @@ -5,4 +5,4 @@ allowed: local -a vals firewall ipv6-modify ${COMP_WORDS[COMP_CWORD-2]} rule))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl "$6" +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$6" 
diff --git a/templates/show/firewall/ipv6-name/detail/node.def b/templates/show/firewall/ipv6-name/detail/node.def
deleted file mode 100644
index 5fb43bc..0000000
--- a/templates/show/firewall/ipv6-name/detail/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: Show detailed firewall information
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-name/node.def b/templates/show/firewall/ipv6-name/node.def
index b14bdec..ffd322d 100644
--- a/templates/show/firewall/ipv6-name/node.def
+++ b/templates/show/firewall/ipv6-name/node.def
@@ -1,2 +1,2 @@
 help: Show IPv6 firewall chains
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-name/node.tag/detail/node.def b/templates/show/firewall/ipv6-name/node.tag/detail/node.def
deleted file mode 100644
index 6ef355e..0000000
--- a/templates/show/firewall/ipv6-name/node.tag/detail/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show detailed IPv6 firewall rules information
-
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/ipv6-name/node.tag/detail/rule/node.def b/templates/show/firewall/ipv6-name/node.tag/detail/rule/node.def
deleted file mode 100644
index 345643e..0000000
--- a/templates/show/firewall/ipv6-name/node.tag/detail/rule/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show detailed IPv6 firewall rules information
diff --git a/templates/show/firewall/ipv6-name/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/ipv6-name/node.tag/detail/rule/node.tag/node.def
deleted file mode 100644
index c231a40..0000000
--- a/templates/show/firewall/ipv6-name/node.tag/detail/rule/node.tag/node.def
+++ /dev/null
@@ -1,8 +0,0 @@ -help: Show detailed information for specified IPv6 firewall rule - -allowed: local -a vals - eval "vals=($(cli-shell-api listActiveNodes \ - firewall ipv6-name ${COMP_WORDS[COMP_CWORD-3]} rule))" - echo -n ${vals[@]} - -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$7" diff --git a/templates/show/firewall/ipv6-name/node.tag/node.def b/templates/show/firewall/ipv6-name/node.tag/node.def index 50597fa..d29ceed 100644 --- a/templates/show/firewall/ipv6-name/node.tag/node.def +++ b/templates/show/firewall/ipv6-name/node.tag/node.def @@ -4,4 +4,4 @@ allowed: local -a vals eval "vals=($(cli-shell-api listActiveNodes firewall ipv6-name))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl diff --git a/templates/show/firewall/ipv6-name/node.tag/rule/node.tag/node.def b/templates/show/firewall/ipv6-name/node.tag/rule/node.tag/node.def index ee73ee7..512f038 100644 --- a/templates/show/firewall/ipv6-name/node.tag/rule/node.tag/node.def +++ b/templates/show/firewall/ipv6-name/node.tag/rule/node.tag/node.def @@ -5,4 +5,4 @@ allowed: local -a vals firewall ipv6-name ${COMP_WORDS[COMP_CWORD-2]} rule))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl "$6" +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$6" diff --git a/templates/show/firewall/modify/detail/node.def b/templates/show/firewall/modify/detail/node.def deleted file mode 100644 index 5fb43bc..0000000 --- a/templates/show/firewall/modify/detail/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show detailed firewall information -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl 
diff --git a/templates/show/firewall/modify/node.def b/templates/show/firewall/modify/node.def
index cbd2fc6..8a16e04 100644
--- a/templates/show/firewall/modify/node.def
+++ b/templates/show/firewall/modify/node.def
@@ -1,2 +1,2 @@
 help: Show IPv4 firewall modify chains
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/modify/node.tag/detail/node.def b/templates/show/firewall/modify/node.tag/detail/node.def
deleted file mode 100644
index 3e11efe..0000000
--- a/templates/show/firewall/modify/node.tag/detail/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show detailed IPv4 firewall modify rules information
-
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/modify/node.tag/detail/rule/node.def b/templates/show/firewall/modify/node.tag/detail/rule/node.def
deleted file mode 100644
index b67d3eb..0000000
--- a/templates/show/firewall/modify/node.tag/detail/rule/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show detailed IPv4 firewall modify rules information
diff --git a/templates/show/firewall/modify/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/modify/node.tag/detail/rule/node.tag/node.def
deleted file mode 100644
index c69f5ac..0000000
--- a/templates/show/firewall/modify/node.tag/detail/rule/node.tag/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-help: Show detailed information for specified IPv4 firewall modify rule
-
-allowed: local -a vals
- eval "vals=($(cli-shell-api listActiveNodes \
- firewall modify ${COMP_WORDS[COMP_CWORD-3]} rule))"
- echo -n ${vals[@]}
-
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$7"
diff --git a/templates/show/firewall/modify/node.tag/node.def b/templates/show/firewall/modify/node.tag/node.def index bdae565..096bac0 100644 --- a/templates/show/firewall/modify/node.tag/node.def +++ b/templates/show/firewall/modify/node.tag/node.def @@ -4,4 +4,4 @@ allowed: local -a vals eval "vals=($(cli-shell-api listActiveNodes firewall modify))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl diff --git a/templates/show/firewall/modify/node.tag/rule/node.tag/node.def b/templates/show/firewall/modify/node.tag/rule/node.tag/node.def index d6cae43..e79461e 100644 --- a/templates/show/firewall/modify/node.tag/rule/node.tag/node.def +++ b/templates/show/firewall/modify/node.tag/rule/node.tag/node.def @@ -5,4 +5,4 @@ allowed: local -a vals firewall modify ${COMP_WORDS[COMP_CWORD-2]} rule))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl "$6" +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$6" diff --git a/templates/show/firewall/name/detail/node.def b/templates/show/firewall/name/detail/node.def deleted file mode 100644 index 5fb43bc..0000000 --- a/templates/show/firewall/name/detail/node.def +++ /dev/null @@ -1,2 +0,0 @@ -help: Show detailed firewall information -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl diff --git a/templates/show/firewall/name/node.def b/templates/show/firewall/name/node.def index f164f73..304d983 100644 --- a/templates/show/firewall/name/node.def +++ b/templates/show/firewall/name/node.def 
@@ -1,2 +1,2 @@
 help: Show IPv4 firewall chains
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall.xsl
+run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/name/node.tag/detail/node.def b/templates/show/firewall/name/node.tag/detail/node.def
deleted file mode 100644
index 0af8d69..0000000
--- a/templates/show/firewall/name/node.tag/detail/node.def
+++ /dev/null
@@ -1,3 +0,0 @@
-help: Show detailed IPv4 firewall rules information
-
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl
diff --git a/templates/show/firewall/name/node.tag/detail/rule/node.def b/templates/show/firewall/name/node.tag/detail/rule/node.def
deleted file mode 100644
index 13fe7fc..0000000
--- a/templates/show/firewall/name/node.tag/detail/rule/node.def
+++ /dev/null
@@ -1 +0,0 @@
-help: Show detailed IPv4 firewall rules information
diff --git a/templates/show/firewall/name/node.tag/detail/rule/node.tag/node.def b/templates/show/firewall/name/node.tag/detail/rule/node.tag/node.def
deleted file mode 100644
index 55ae0d6..0000000
--- a/templates/show/firewall/name/node.tag/detail/rule/node.tag/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-help: Show detailed information for specified IPv4 firewall rule
-
-allowed: local -a vals
- eval "vals=($(cli-shell-api listActiveNodes \
- firewall name ${COMP_WORDS[COMP_CWORD-3]} rule))"
- echo -n ${vals[@]}
-
-run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$7"
diff --git a/templates/show/firewall/name/node.tag/node.def b/templates/show/firewall/name/node.tag/node.def
index 09ac2e2..8be5f15 100644
--- a/templates/show/firewall/name/node.tag/node.def
+++ b/templates/show/firewall/name/node.tag/node.def
@@ -4,4 +4,4 @@ allowed: local -a vals eval "vals=($(cli-shell-api listActiveNodes firewall name))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl diff --git a/templates/show/firewall/name/node.tag/rule/node.tag/node.def b/templates/show/firewall/name/node.tag/rule/node.tag/node.def index 9e00b38..6670530 100644 --- a/templates/show/firewall/name/node.tag/rule/node.tag/node.def +++ b/templates/show/firewall/name/node.tag/rule/node.tag/node.def @@ -5,4 +5,4 @@ allowed: local -a vals firewall name ${COMP_WORDS[COMP_CWORD-2]} rule))" echo -n ${vals[@]} -run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall.xsl "$6" +run: ${vyatta_bindir}/vyatta-show-firewall.pl "$3_$4" /opt/vyatta/share/xsl/show_firewall_detail.xsl "$6" diff --git a/templates/show/firewall/node.def b/templates/show/firewall/node.def index e179c45..e09a6c2 100644 --- a/templates/show/firewall/node.def +++ b/templates/show/firewall/node.def @@ -1,3 +1,2 @@ help: Show firewall information -run: ${vyatta_bindir}/vyatta-show-firewall.pl "all_all" /opt/vyatta/share/xsl/show_firewall.xsl - +run: ${vyatta_bindir}/vyatta-show-firewall.pl "all_all" /opt/vyatta/share/xsl/show_firewall_detail.xsl -- cgit v1.2.3