summaryrefslogtreecommitdiff
path: root/src/op_mode/generate_firewall_rule-resequence.py
diff options
context:
space:
mode:
authorkhramshinr <khramshinr@gmail.com>2024-06-24 19:56:21 +0600
committerkhramshinr <khramshinr@gmail.com>2024-06-27 14:04:24 +0600
commit142545b0535d0a994182389c99b7bcd6d7c37c24 (patch)
treeb4fb7e646164b0fadfbeff45af5ab1e86b31cdad /src/op_mode/generate_firewall_rule-resequence.py
parentc90a55375f6b60ba0d0d545b33927a2aae4d6aad (diff)
downloadvyos-1x-142545b0535d0a994182389c99b7bcd6d7c37c24.tar.gz
vyos-1x-142545b0535d0a994182389c99b7bcd6d7c37c24.zip
T6313: Add "NAT" to "generate" command for rule resequence
Diffstat (limited to 'src/op_mode/generate_firewall_rule-resequence.py')
-rwxr-xr-xsrc/op_mode/generate_firewall_rule-resequence.py148
1 files changed, 0 insertions, 148 deletions
diff --git a/src/op_mode/generate_firewall_rule-resequence.py b/src/op_mode/generate_firewall_rule-resequence.py
deleted file mode 100755
index 21441f689..000000000
--- a/src/op_mode/generate_firewall_rule-resequence.py
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2023 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-import argparse
-from vyos.configquery import ConfigTreeQuery
-
-
-def convert_to_set_commands(config_dict, parent_key=''):
- """
- Converts a configuration dictionary into a list of set commands.
-
- Args:
- config_dict (dict): The configuration dictionary.
- parent_key (str): The parent key for nested dictionaries.
-
- Returns:
- list: A list of set commands.
- """
- commands = []
- for key, value in config_dict.items():
- current_key = parent_key + key if parent_key else key
-
- if isinstance(value, dict):
- if not value:
- commands.append(f"set {current_key}")
- else:
- commands.extend(
- convert_to_set_commands(value, f"{current_key} "))
-
- elif isinstance(value, list):
- for item in value:
- commands.append(f"set {current_key} '{item}'")
-
- elif isinstance(value, str):
- commands.append(f"set {current_key} '{value}'")
-
- return commands
-
-
-def change_rule_numbers(config_dict, start, step):
- """
- Changes rule numbers in the configuration dictionary.
-
- Args:
- config_dict (dict): The configuration dictionary.
- start (int): The starting rule number.
- step (int): The step to increment the rule numbers.
-
- Returns:
- None
- """
- if 'rule' in config_dict:
- rule_dict = config_dict['rule']
- updated_rule_dict = {}
- rule_num = start
- for rule_key in sorted(rule_dict.keys()):
- updated_rule_dict[str(rule_num)] = rule_dict[rule_key]
- rule_num += step
- config_dict['rule'] = updated_rule_dict
-
- for key in config_dict:
- if isinstance(config_dict[key], dict):
- change_rule_numbers(config_dict[key], start, step)
-
-
-def convert_rule_keys_to_int(config_dict):
- """
- Converts rule keys in the configuration dictionary to integers.
-
- Args:
- config_dict (dict or list): The configuration dictionary or list.
-
- Returns:
- dict or list: The modified dictionary or list.
- """
- if isinstance(config_dict, dict):
- new_dict = {}
- for key, value in config_dict.items():
- # Convert key to integer if possible
- new_key = int(key) if key.isdigit() else key
-
- # Recur for nested dictionaries
- if isinstance(value, dict):
- new_value = convert_rule_keys_to_int(value)
- else:
- new_value = value
-
- new_dict[new_key] = new_value
-
- return new_dict
- elif isinstance(config_dict, list):
- return [convert_rule_keys_to_int(item) for item in config_dict]
- else:
- return config_dict
-
-
-if __name__ == "__main__":
- # Parse command-line arguments
- parser = argparse.ArgumentParser(description='Convert dictionary to set commands with rule number modifications.')
- parser.add_argument('--start', type=int, default=100, help='Start rule number')
- parser.add_argument('--step', type=int, default=10, help='Step for rule numbers (default: 10)')
- args = parser.parse_args()
-
- config = ConfigTreeQuery()
- if not config.exists('firewall'):
- print('Firewall is not configured')
- exit(1)
-
- config_dict = config.get_config_dict('firewall')
-
- # Remove global-options, group and flowtable as they don't need sequencing
- if 'global-options' in config_dict['firewall']:
- del config_dict['firewall']['global-options']
-
- if 'group' in config_dict['firewall']:
- del config_dict['firewall']['group']
-
- if 'flowtable' in config_dict['firewall']:
- del config_dict['firewall']['flowtable']
-
- # Convert rule keys to integers, rule "10" -> rule 10
- # This is necessary for sorting the rules
- config_dict = convert_rule_keys_to_int(config_dict)
-
- # Apply rule number modifications
- change_rule_numbers(config_dict, start=args.start, step=args.step)
-
- # Convert to 'set' commands
- set_commands = convert_to_set_commands(config_dict)
-
- print()
- for command in set_commands:
- print(command)
- print()