summaryrefslogtreecommitdiff
path: root/src/op_mode/firewall.py
diff options
context:
space:
mode:
authorl0crian1 <ryan.claridge13@gmail.com>2024-04-01 11:14:54 -0400
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-04-06 09:57:25 +0000
commit484d5ab1fce46c70ec70cf09099e13d31b094f6e (patch)
tree0ac53b81ad58184a67b8c16e8875c4beee87069c /src/op_mode/firewall.py
parent581f1d68c4e6903f8da5530d20baa7611f5cd640 (diff)
downloadvyos-1x-484d5ab1fce46c70ec70cf09099e13d31b094f6e.tar.gz
vyos-1x-484d5ab1fce46c70ec70cf09099e13d31b094f6e.zip
modified: op-mode-definitions/firewall.xml.in
- Added show firewall <sections> detail paths modified: src/op_mode/firewall.py - Added Description as a header to normal "show firewall" commands - Added 'detail' view which shows the output in a list key-pair format Description column was added for these commands and their subsections: show firewall statistics show firewall groups show firewall <family> Detail view was added for these commands: show firewall bridge forward filter detail show firewall bridge forward filter rule <rule#> detail show firewall bridge name <chain> detail show firewall bridge name <chain> rule <rule#> detail show firewall ipv4 forward filter detail show firewall ipv4 forward filter rule <rule#> detail show firewall ipv4 input filter detail show firewall ipv4 input filter rule <rule#> detail show firewall ipv4 output filter detail show firewall ipv4 output filter rule <rule#> detail show firewall ipv4 name <chain> detail show firewall ipv4 name <chain> rule <rule#> detail show firewall ipv6 forward filter detail show firewall ipv6 forward filter rule <rule#> detail show firewall ipv6 input filter detail show firewall ipv6 input filter rule <rule#> detail show firewall ipv6 output filter detail show firewall ipv6 output filter rule <rule#> detail show firewall ipv6 name <chain> detail show firewall ipv6 name <chain> rule <rule#> detail show firewall group detail show firewall group <group> detail (cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
Diffstat (limited to 'src/op_mode/firewall.py')
-rwxr-xr-xsrc/op_mode/firewall.py38
1 files changed, 30 insertions, 8 deletions
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index d9a50d1b2..b7c3d87c2 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -18,6 +18,7 @@ import argparse
import ipaddress
import re
import tabulate
+import textwrap
from vyos.config import Config
from vyos.utils.process import cmd
@@ -88,6 +89,17 @@ def get_nftables_details(family, hook, priority):
out[rule_id] = rule
return out
+def output_firewall_vertical(rules, headers):
+ if args.rule:
+ rules.pop()
+
+ for rule in rules:
+ adjusted_rule = rule + [""] * (len(headers) - len(rule)) # account for different header length, like default-action
+ transformed_rule = [[header, textwrap.fill(adjusted_rule[i].replace('\n', ' '), 100)] for i, header in enumerate(headers)] # create key-pair list from headers and rules lists; wrap at 100 char
+
+ print(tabulate.tabulate(transformed_rule, tablefmt="presto"))
+ print()
+
def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=None):
print(f'\n---------------------------------\n{family} Firewall "{hook} {priority}"\n')
@@ -102,7 +114,7 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N
if 'disable' in rule_conf:
continue
- row = [rule_id, rule_conf.get('description', ''), rule_conf['action'], rule_conf['protocol'] if 'protocol' in rule_conf else 'all']
+ row = [rule_id, textwrap.fill(rule_conf.get('description') or '', 50), rule_conf['action'], rule_conf['protocol'] if 'protocol' in rule_conf else 'all']
if rule_id in details:
rule_details = details[rule_id]
row.append(rule_details.get('packets', 0))
@@ -123,7 +135,10 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N
if rows:
header = ['Rule', 'Description', 'Action', 'Protocol', 'Packets', 'Bytes', 'Conditions']
- print(tabulate.tabulate(rows, header) + '\n')
+ if args.detail:
+ output_firewall_vertical(rows, header)
+ else:
+ print(tabulate.tabulate(rows, header) + '\n')
def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule_id=None):
print(f'\n---------------------------------\n{family} Firewall "{hook} {prior}"\n')
@@ -191,7 +206,7 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule
if not oiface:
oiface = 'any'
- row = [rule_id, rule_conf.get('description', '')]
+ row = [rule_id, textwrap.fill(rule_conf.get('description') or '', 50)]
if rule_id in details:
rule_details = details[rule_id]
row.append(rule_details.get('packets', 0))
@@ -240,7 +255,10 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule
if rows:
header = ['Rule', 'Description', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface']
- print(tabulate.tabulate(rows, header) + '\n')
+ if args.detail:
+ output_firewall_vertical(rows, header)
+ else:
+ print(tabulate.tabulate(rows, header) + '\n')
def show_firewall():
print('Rulesets Information')
@@ -428,7 +446,7 @@ def show_firewall_group(name=None):
return out
- header = ['Name', 'Type', 'References', 'Members']
+ header = ['Name', 'Description','Type', 'References', 'Members']
rows = []
for group_type, group_type_conf in firewall['group'].items():
@@ -440,7 +458,7 @@ def show_firewall_group(name=None):
continue
references = find_references(group_type, group_name)
- row = [group_name, group_type, '\n'.join(references) or 'N/D']
+ row = [group_name, textwrap.fill(group_conf.get('description') or '', 50), group_type, '\n'.join(references) or 'N/D']
if 'address' in group_conf:
row.append("\n".join(sorted(group_conf['address'])))
elif 'network' in group_conf:
@@ -460,13 +478,16 @@ def show_firewall_group(name=None):
if dynamic_type in firewall['group']['dynamic_group']:
for dynamic_name, dynamic_conf in firewall['group']['dynamic_group'][dynamic_type].items():
references = find_references(dynamic_type, dynamic_name)
- row = [dynamic_name, dynamic_type + '(dynamic)', '\n'.join(references) or 'N/D']
+ row = [dynamic_name, textwrap.fill(dynamic_conf.get('description') or '', 50), dynamic_type + '(dynamic)', '\n'.join(references) or 'N/D']
row.append('N/D')
rows.append(row)
if rows:
print('Firewall Groups\n')
- print(tabulate.tabulate(rows, header))
+ if args.detail:
+ output_firewall_vertical(rows, header)
+ else:
+ print(tabulate.tabulate(rows, header))
def show_summary():
print('Ruleset Summary')
@@ -538,6 +559,7 @@ if __name__ == '__main__':
parser.add_argument('--priority', help='Firewall priority', required=False, action='store', nargs='?', default='')
parser.add_argument('--rule', help='Firewall Rule ID', required=False)
parser.add_argument('--ipv6', help='IPv6 toggle', action='store_true')
+ parser.add_argument('--detail', help='Firewall view select', required=False)
args = parser.parse_args()