diff options
author | l0crian1 <ryan.claridge13@gmail.com> | 2024-04-01 11:14:54 -0400 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-06 09:57:25 +0000 |
commit | 484d5ab1fce46c70ec70cf09099e13d31b094f6e (patch) | |
tree | 0ac53b81ad58184a67b8c16e8875c4beee87069c /src/op_mode/firewall.py | |
parent | 581f1d68c4e6903f8da5530d20baa7611f5cd640 (diff) | |
download | vyos-1x-484d5ab1fce46c70ec70cf09099e13d31b094f6e.tar.gz vyos-1x-484d5ab1fce46c70ec70cf09099e13d31b094f6e.zip |
modified: op-mode-definitions/firewall.xml.in
- Added show firewall <sections> detail paths
modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format
Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>
Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
(cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
Diffstat (limited to 'src/op_mode/firewall.py')
-rwxr-xr-x | src/op_mode/firewall.py | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py index d9a50d1b2..b7c3d87c2 100755 --- a/src/op_mode/firewall.py +++ b/src/op_mode/firewall.py @@ -18,6 +18,7 @@ import argparse import ipaddress import re import tabulate +import textwrap from vyos.config import Config from vyos.utils.process import cmd @@ -88,6 +89,17 @@ def get_nftables_details(family, hook, priority): out[rule_id] = rule return out +def output_firewall_vertical(rules, headers): + if args.rule: + rules.pop() + + for rule in rules: + adjusted_rule = rule + [""] * (len(headers) - len(rule)) # account for different header length, like default-action + transformed_rule = [[header, textwrap.fill(adjusted_rule[i].replace('\n', ' '), 100)] for i, header in enumerate(headers)] # create key-pair list from headers and rules lists; wrap at 100 char + + print(tabulate.tabulate(transformed_rule, tablefmt="presto")) + print() + def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=None): print(f'\n---------------------------------\n{family} Firewall "{hook} {priority}"\n') @@ -102,7 +114,7 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N if 'disable' in rule_conf: continue - row = [rule_id, rule_conf.get('description', ''), rule_conf['action'], rule_conf['protocol'] if 'protocol' in rule_conf else 'all'] + row = [rule_id, textwrap.fill(rule_conf.get('description') or '', 50), rule_conf['action'], rule_conf['protocol'] if 'protocol' in rule_conf else 'all'] if rule_id in details: rule_details = details[rule_id] row.append(rule_details.get('packets', 0)) @@ -123,7 +135,10 @@ def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=N if rows: header = ['Rule', 'Description', 'Action', 'Protocol', 'Packets', 'Bytes', 'Conditions'] - print(tabulate.tabulate(rows, header) + '\n') + if args.detail: + output_firewall_vertical(rows, header) + else: + print(tabulate.tabulate(rows, header) + '\n') def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule_id=None): print(f'\n---------------------------------\n{family} Firewall "{hook} {prior}"\n') @@ -191,7 +206,7 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule if not oiface: oiface = 'any' - row = [rule_id, rule_conf.get('description', '')] + row = [rule_id, textwrap.fill(rule_conf.get('description') or '', 50)] if rule_id in details: rule_details = details[rule_id] row.append(rule_details.get('packets', 0)) @@ -240,7 +255,10 @@ def output_firewall_name_statistics(family, hook, prior, prior_conf, single_rule if rows: header = ['Rule', 'Description', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface'] - print(tabulate.tabulate(rows, header) + '\n') + if args.detail: + output_firewall_vertical(rows, header) + else: + print(tabulate.tabulate(rows, header) + '\n') def show_firewall(): print('Rulesets Information') @@ -428,7 +446,7 @@ def show_firewall_group(name=None): return out - header = ['Name', 'Type', 'References', 'Members'] + header = ['Name', 'Description','Type', 'References', 'Members'] rows = [] for group_type, group_type_conf in firewall['group'].items(): @@ -440,7 +458,7 @@ def show_firewall_group(name=None): continue references = find_references(group_type, group_name) - row = [group_name, group_type, '\n'.join(references) or 'N/D'] + row = [group_name, textwrap.fill(group_conf.get('description') or '', 50), group_type, '\n'.join(references) or 'N/D'] if 'address' in group_conf: row.append("\n".join(sorted(group_conf['address']))) elif 'network' in group_conf: @@ -460,13 +478,16 @@ def show_firewall_group(name=None): if dynamic_type in firewall['group']['dynamic_group']: for dynamic_name, dynamic_conf in firewall['group']['dynamic_group'][dynamic_type].items(): references = find_references(dynamic_type, dynamic_name) - row = [dynamic_name, dynamic_type + '(dynamic)', '\n'.join(references) or 'N/D'] + row = [dynamic_name, textwrap.fill(dynamic_conf.get('description') or '', 50), dynamic_type + '(dynamic)', '\n'.join(references) or 'N/D'] row.append('N/D') rows.append(row) if rows: print('Firewall Groups\n') - print(tabulate.tabulate(rows, header)) + if args.detail: + output_firewall_vertical(rows, header) + else: + print(tabulate.tabulate(rows, header)) def show_summary(): print('Ruleset Summary') @@ -538,6 +559,7 @@ if __name__ == '__main__': parser.add_argument('--priority', help='Firewall priority', required=False, action='store', nargs='?', default='') parser.add_argument('--rule', help='Firewall Rule ID', required=False) parser.add_argument('--ipv6', help='IPv6 toggle', action='store_true') + parser.add_argument('--detail', help='Firewall view select', required=False) args = parser.parse_args() |