Merge pull request #1158 from sarthurdev/firewall

firewall: policy: T4131: T4144: T4159: T4164: Fix reported firewall issues, policy-route refactor

2 files changed, 13 insertions, 10 deletions

diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index cf70890a6..030a9b19a 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import argparse
+import ipaddress
 import json
 import re
 import tabulate
@@ -266,13 +267,15 @@ def show_firewall_group(name=None):
                 continue
 
             references = find_references(group_type, group_name)
-            row = [group_name, group_type, ', '.join(references)]
+            row = [group_name, group_type, '\n'.join(references) or 'N/A']
             if 'address' in group_conf:
-                row.append(", ".join(group_conf['address']))
+                row.append("\n".join(sorted(group_conf['address'], key=ipaddress.ip_address)))
             elif 'network' in group_conf:
-                row.append(", ".join(group_conf['network']))
+                row.append("\n".join(sorted(group_conf['network'], key=ipaddress.ip_network)))
             elif 'port' in group_conf:
-                row.append(", ".join(group_conf['port']))
+                row.append("\n".join(sorted(group_conf['port'])))
+            else:
+                row.append('N/A')
             rows.append(row)
 
     if rows:
@@ -302,7 +305,7 @@ def show_summary():
         for name, name_conf in firewall['ipv6_name'].items():
             description = name_conf.get('description', '')
             interfaces = ", ".join(name_conf['interface'])
-            v6_out.append([name, description, interfaces])
+            v6_out.append([name, description, interfaces or 'N/A'])
 
     if v6_out:
         print('\nIPv6 name:\n')
diff --git a/src/op_mode/policy_route.py b/src/op_mode/policy_route.py
index e0b4ac514..95a7eadac 100755
--- a/src/op_mode/policy_route.py
+++ b/src/op_mode/policy_route.py
@@ -26,7 +26,7 @@ def get_policy_interfaces(conf, policy, name=None, ipv6=False):
     interfaces = conf.get_config_dict(['interfaces'], key_mangling=('-', '_'),
                                       get_first_key=True, no_tag_node_value_mangle=True)
 
-    routes = ['route', 'ipv6_route']
+    routes = ['route', 'route6']
 
     def parse_if(ifname, if_conf):
         if 'policy' in if_conf:
@@ -52,7 +52,7 @@ def get_policy_interfaces(conf, policy, name=None, ipv6=False):
 def get_config_policy(conf, name=None, ipv6=False, interfaces=True):
     config_path = ['policy']
     if name:
-        config_path += ['ipv6-route' if ipv6 else 'route', name]
+        config_path += ['route6' if ipv6 else 'route', name]
 
     policy = conf.get_config_dict(config_path, key_mangling=('-', '_'),
                                 get_first_key=True, no_tag_node_value_mangle=True)
@@ -64,7 +64,7 @@ def get_config_policy(conf, name=None, ipv6=False, interfaces=True):
                 for route_name, route_conf in policy['route'].items():
                     route_conf['interface'] = []
 
-            if 'ipv6_route' in policy:
+            if 'route6' in policy:
                 for route_name, route_conf in policy['ipv6_route'].items():
                     route_conf['interface'] = []
 
@@ -151,8 +151,8 @@ def show_policy(ipv6=False):
         for route, route_conf in policy['route'].items():
             output_policy_route(route, route_conf, ipv6=False)
 
-    if ipv6 and 'ipv6_route' in policy:
-        for route, route_conf in policy['ipv6_route'].items():
+    if ipv6 and 'route6' in policy:
+        for route, route_conf in policy['route6'].items():
             output_policy_route(route, route_conf, ipv6=True)
 
 def show_policy_name(name, ipv6=False):