From 42d658e0dbe38d9293940624abbf1c881db92454 Mon Sep 17 00:00:00 2001 From: John Southworth Date: Fri, 6 Jan 2012 16:10:49 -0800 Subject: Bugfix: 7712 add zone-policy operational mode command --- Makefile.am | 3 ++ scripts/vyatta-show-zone.pl | 56 ++++++++++++++++++++++ templates-op/show/zone-policy/node.def | 2 + templates-op/show/zone-policy/zone/node.def | 1 + .../show/zone-policy/zone/node.tag/node.def | 5 ++ 5 files changed, 67 insertions(+) create mode 100644 scripts/vyatta-show-zone.pl create mode 100644 templates-op/show/zone-policy/node.def create mode 100644 templates-op/show/zone-policy/zone/node.def create mode 100644 templates-op/show/zone-policy/zone/node.tag/node.def diff --git a/Makefile.am b/Makefile.am index d2a0a11..0744079 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,6 +6,8 @@ bin_sudo_usersdir = $(bindir)/sudo-users curverdir = $(sysconfdir)/config-migrate/current curver_DATA = cfg-version/zone-policy@1 +bin_SCRIPTS = scripts/vyatta-show-zone.pl + sbin_SCRIPTS = scripts/vyatta-zone.pl sbin_SCRIPTS += scripts/vyatta-zone-ips.pl @@ -17,3 +19,4 @@ cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \ install-exec-hook: mkdir -p $(DESTDIR)$(cfgdir) cd templates-cfg; $(cpiop) $(DESTDIR)$(cfgdir) + cd templates-op; $(cpiop) $(DESTDIR)$(opdir) diff --git a/scripts/vyatta-show-zone.pl b/scripts/vyatta-show-zone.pl new file mode 100644 index 0000000..501e278 --- /dev/null +++ b/scripts/vyatta-show-zone.pl 
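Review bot: In Makefile.am's install-exec-hook, the added `cd templates-op; $(cpiop) $(DESTDIR)$(opdir)` has no matching `mkdir -p $(DESTDIR)$(opdir)`, unlike the cfgdir copy just above it, which is preceded by `mkdir -p $(DESTDIR)$(cfgdir)`. `opdir` is also not defined in the lines shown; it may be set above line 6, which this hunk does not cover. If the directory is missing or the variable is empty, the copy presumably fails or lands directly in `$(DESTDIR)`, so add the mkdir line before it. Writing `cd templates-op && $(cpiop) $(DESTDIR)$(opdir)` would also keep the copy from running in the wrong directory when the cd fails.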
@@ -0,0 +1,56 @@
+#!/usr/bin/env perl
+use lib "/opt/vyatta/share/perl5/";
+use Vyatta::Zone;
+use Getopt::Long;
+my $zone_in;
+GetOptions("zone=s" => \$zone_in);
+
+my $zone_hash = Vyatta::Zone::get_zone_hash();
+my $format = " %-20s%-35s%s\n";
+for my $zone (sort(keys %{$zone_hash})) {
+ if (defined $zone_in){
+ next unless $zone eq $zone_in;
+ }
+ print "-------------------\n";
+ print "Name: $zone" .
+ (defined($zone_hash->{$zone}{'description'})
+ ? " [$zone_hash->{$zone}{'description'}]\n" : "\n");
+ print "\n";
+ print "Interfaces: @{$zone_hash->{$zone}{'interfaces'}}\n";
+ print "\n";
+ print "From Zone:\n";
+ printf($format, "name", "firewall", "content-inspection");
+ printf($format, "----", "--------", "------------------");
+ for my $from_zone (sort(keys(%{$zone_hash->{$zone}{'from'}}))){
+ my ($firewall, $ipv6_firewall, $ci);
+ $firewall = $zone_hash->{$zone}{'from'}->{$from_zone}{'firewall'}->{'ipv4'}
+ if (defined($zone_hash->{$zone}{'from'}->{$from_zone}{'firewall'}->{'ipv4'}));
+ $ipv6_firewall = $zone_hash->{$zone}{'from'}->{$from_zone}{'firewall'}->{'ipv6'}
+ if (defined($zone_hash->{$zone}{'from'}->{$from_zone}{'firewall'}->{'ipv6'}));
+ $ci = $zone_hash->{$zone}{'from'}->{$from_zone}{'content-inspection'}
+ if (defined($zone_hash->{$zone}{'from'}->{$from_zone}{'content-inspection'}));
+ if (defined($firewall)){
+ if (defined($ci)) {
+ printf($format, "$from_zone", "$firewall", "$ci");
+ } else {
+ printf($format, "$from_zone", "$firewall", "disabled");
+ }
+ if (defined($ipv6_firewall)){
+ printf($format, "", "$ipv6_firewall [v6]", "");
+ }
+ } elsif (defined($ipv6_firewall)){
+ if (defined($ci)) {
+ printf($format, "$from_zone", "$ipv6_firewall [v6]", "$ci");
+ } else {
+ printf($format, "$from_zone", "$ipv6_firewall [v6]", "disabled");
+ }
+ } else {
+ if (defined($ci)) {
+ printf($format, "$from_zone", "-", "$ci");
+ } else {
+ printf($format, "$from_zone", "-", "disabled");
+ }
+ }
+ }
+ print "\n";
+}
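Review bot: The new script runs without `use strict; use warnings;` after the shebang, so a mistyped hash key or variable name in the long `$zone_hash->{...}` chains fails silently instead of being reported. Once strict is on, the interpolation in the `Interfaces:` line dies for any zone whose entry has no `interfaces` array; whether get_zone_hash always supplies one is not visible here, so guard it as `print "Interfaces: @{ $zone_hash->{$zone}{'interfaces'} || [] }\n";`. Separately, a `--zone` value that matches no key in the hash makes the loop skip everything, so the command prints nothing and exits 0. An explicit "no such zone" message with a non-zero exit would tell the operator the name was wrong rather than that the zone is empty.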
diff --git a/templates-op/show/zone-policy/node.def b/templates-op/show/zone-policy/node.def
new file mode 100644
index 0000000..d29570b
--- /dev/null
+++ b/templates-op/show/zone-policy/node.def
@@ -0,0 +1,2 @@
+help: Show summary of zone policy for a specific zone
+run: /opt/vyatta/bin/vyatta-show-zone.pl
diff --git a/templates-op/show/zone-policy/zone/node.def b/templates-op/show/zone-policy/zone/node.def
new file mode 100644
index 0000000..7925164
--- /dev/null
+++ b/templates-op/show/zone-policy/zone/node.def
@@ -0,0 +1 @@
+help: Show zone policy for a specific zone
diff --git a/templates-op/show/zone-policy/zone/node.tag/node.def b/templates-op/show/zone-policy/zone/node.tag/node.def
new file mode 100644
index 0000000..dc5f404
--- /dev/null
+++ b/templates-op/show/zone-policy/zone/node.tag/node.def
@@ -0,0 +1,5 @@
+help: Show zone policy for a specific zone
+allowed: local -a vals
+ eval "vals=($(cli-shell-api listActiveNodes zone-policy zone))"
+ echo -n '' ${vals[@]}
+run: /opt/vyatta/bin/vyatta-show-zone.pl --zone=$4
-- cgit v1.2.3
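Review bot: The help string in templates-op/show/zone-policy/node.def says "for a specific zone", but its `run:` line calls vyatta-show-zone.pl with no `--zone`, and the script then prints every zone in the hash. The text should describe what the operator actually gets, for example `help: Show summary of zone policy for all zones`.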
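Review bot: In templates-op/show/zone-policy/zone/node.tag/node.def the `run:` line hands the operator-typed zone name to the script as an unquoted `$4`, so the shell word-splits and glob-expands it before vyatta-show-zone.pl parses its options. Quote it: `run: /opt/vyatta/bin/vyatta-show-zone.pl --zone="$4"`. As far as this hunk shows, the `allowed:` block only builds the completion list, so the value should not be assumed to be an existing zone name. The `echo -n '' ${vals[@]}` line has the same unquoted expansion and would be safer as `"${vals[@]}"`.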