authorNicolas Fort <nicolasfort1988@gmail.com>2023-08-29 19:28:50 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2023-08-29 19:28:50 +0000
commit3c8dbc7485e3d8eb47a687310d3a028aef6af1ce (patch)
tree1dbbaf115737cb50cab2ecfb08daaa06f3d84f1b /src
parent61d3cbd51591c65c70aa1c99656fd289fd30a860 (diff)
downloadvyos-1x-3c8dbc7485e3d8eb47a687310d3a028aef6af1ce.tar.gz
vyos-1x-3c8dbc7485e3d8eb47a687310d3a028aef6af1ce.zip
T5496: firewall op-mode: add fix for source and destination when not specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound interfaces
Diffstat (limited to 'src')
-rwxr-xr-xsrc/op_mode/firewall.py22
1 files changed, 19 insertions, 3 deletions
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index ffa78abf9..581710b31 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -127,7 +127,7 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
if not source_addr:
source_addr = dict_search_args(rule_conf, 'source', 'group', 'domain_group')
if not source_addr:
- source_addr = '0.0.0.0/0'
+ source_addr = '::/0' if ipv6 else '0.0.0.0/0'
# Get destination
dest_addr = dict_search_args(rule_conf, 'destination', 'address')
@@ -138,7 +138,21 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
if not dest_addr:
dest_addr = dict_search_args(rule_conf, 'destination', 'group', 'domain_group')
if not dest_addr:
- dest_addr = '0.0.0.0/0'
+ dest_addr = '::/0' if ipv6 else '0.0.0.0/0'
+
+ # Get inbound interface
+ iiface = dict_search_args(rule_conf, 'inbound_interface', 'interface_name')
+ if not iiface:
+ iiface = dict_search_args(rule_conf, 'inbound_interface', 'interface_group')
+ if not iiface:
+ iiface = 'any'
+
+ # Get outbound interface
+ oiface = dict_search_args(rule_conf, 'outbound_interface', 'interface_name')
+ if not oiface:
+ oiface = dict_search_args(rule_conf, 'outbound_interface', 'interface_group')
+ if not oiface:
+ oiface = 'any'
row = [rule_id]
if rule_id in details:
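Review bot: An interface name and an interface-group name end up in the same `iiface`/`oiface` string with nothing to tell them apart, so an operator auditing the table cannot see whether a cell names one interface or a group of them. The source and destination lookups above follow the same pattern, so this matches the existing output, but the new columns should either mark group matches or say so in a comment such as `# cell may hold an interface name or an interface-group name`. The two four-line lookups also differ only in the key and could each be one expression, e.g. `iiface = dict_search_args(rule_conf, 'inbound_interface', 'interface_name') or dict_search_args(rule_conf, 'inbound_interface', 'interface_group') or 'any'`. The enclosing function starts and ends outside the hunk.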
@@ -151,6 +165,8 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
row.append(rule_conf['action'])
row.append(source_addr)
row.append(dest_addr)
+ row.append(iiface)
+ row.append(oiface)
rows.append(row)
if 'default_action' in prior_conf and not single_rule_id:
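Review bot: The default-action row that starts on the last line of this hunk does not appear to get the two new cells, because every added line in the commit is in the per-rule path or the header. If that row still ends at the destination cell, it will be two cells shorter than the header and its interface columns will presumably render empty, where the per-rule rows show `any`. Its construction is outside the hunk, so this needs checking there; if confirmed, add `row.append('any')` once per new column. It is also worth checking whether that row hard-codes `'0.0.0.0/0'` for source and destination, since the `'::/0' if ipv6 else '0.0.0.0/0'` fix would apply there too.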
@@ -168,7 +184,7 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
rows.append(row)
if rows:
- header = ['Rule', 'Packets', 'Bytes', 'Action', 'Source', 'Destination']
+ header = ['Rule', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface']
print(tabulate.tabulate(rows, header) + '\n')
def show_firewall():
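Review bot: The two new header labels are capitalised differently, `'Inbound-Interface'` against `'Outbound-interface'`. Use one form for both, e.g. `'Inbound-Interface', 'Outbound-Interface'`, so the table reads consistently and anything matching on the header text does not need two spellings. The rest of the header list is unchanged.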