diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-11-10 19:26:35 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2023-11-10 19:26:35 +0000 |
commit | c4409d6a4e11bf2acc7b5b96888e2c471c4559e5 (patch) | |
tree | c23aff0f073c54eb7a6e35a32df2bf27ed248d15 /src/migration-scripts/policy/6-to-7 | |
parent | 1fcb8637f864e13c5208bed22f3a065b5d78f596 (diff) | |
download | vyos-1x-c4409d6a4e11bf2acc7b5b96888e2c471c4559e5.tar.gz vyos-1x-c4409d6a4e11bf2acc7b5b96888e2c471c4559e5.zip |
T5729: firewall: switch to valueless in order to remove unnecessary <enable|disable> commands; log and state moved to new syntax.
Diffstat (limited to 'src/migration-scripts/policy/6-to-7')
-rwxr-xr-x | src/migration-scripts/policy/6-to-7 | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/src/migration-scripts/policy/6-to-7 b/src/migration-scripts/policy/6-to-7 new file mode 100755 index 000000000..1f955aa02 --- /dev/null +++ b/src/migration-scripts/policy/6-to-7 @@ -0,0 +1,79 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2023 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# T5729: Switch to valueless whenever is possible. +# From + # set policy [route | route6] ... rule <rule> log enable + # set policy [route | route6] ... rule <rule> log disable +# To + # set policy [route | route6] ... rule <rule> log + # Remove command if log=disable + +import re + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree +from vyos.ifconfig import Section + +if len(argv) < 2: + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['policy'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) + +for family in ['route', 'route6']: + if config.exists(base + [family]): + + for policy_name in config.list_nodes(base + [family]): + if config.exists(base + [family, policy_name, 'rule']): + for rule in config.list_nodes(base + [family, policy_name, 'rule']): + # Log + if config.exists(base + [family, policy_name, 'rule', rule, 'log']): + log_value = config.return_value(base + [family, policy_name, 'rule', rule, 'log']) + config.delete(base + [family, policy_name, 'rule', rule, 'log']) + if log_value == 'enable': + config.set(base + [family, policy_name, 'rule', rule, 'log']) + # State + if config.exists(base + [family, policy_name, 'rule', rule, 'state']): + flag_enable = 'False' + for state in ['established', 'invalid', 'new', 'related']: + if config.exists(base + [family, policy_name, 'rule', rule, 'state', state]): + state_value = config.return_value(base + [family, policy_name, 'rule', rule, 'state', state]) + config.delete(base + [family, policy_name, 'rule', rule, 'state', state]) + if state_value == 'enable': + config.set(base + [family, policy_name, 'rule', rule, 'state', state]) + flag_enable = 'True' + if flag_enable == 'False': + config.delete(base + [family, policy_name, 'rule', rule, 'state']) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1)
\ No newline at end of file |