summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--interface-definitions/firewall.xml.in2
-rw-r--r--interface-definitions/include/firewall/bridge-custom-name.xml.i4
-rw-r--r--interface-definitions/include/firewall/bridge-hook-forward.xml.i3
-rw-r--r--interface-definitions/include/firewall/default-log.xml.i8
-rw-r--r--interface-definitions/include/firewall/enable-default-log.xml.i8
-rw-r--r--interface-definitions/include/firewall/ipv4-custom-name.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-forward.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-input.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv4-hook-output.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv6-custom-name.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-forward.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-input.xml.i4
-rw-r--r--interface-definitions/include/firewall/ipv6-hook-output.xml.i4
-rw-r--r--interface-definitions/policy-route.xml.in4
-rw-r--r--python/vyos/template.py2
-rwxr-xr-xsmoketest/scripts/cli/test_firewall.py23
16 files changed, 44 insertions, 42 deletions
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 70afdc995..a4023058f 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -368,7 +368,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
<leafNode name="default-action">
<properties>
<help>Default-action for traffic coming into this zone</help>
diff --git a/interface-definitions/include/firewall/bridge-custom-name.xml.i b/interface-definitions/include/firewall/bridge-custom-name.xml.i
index a85fd5a19..654493c0e 100644
--- a/interface-definitions/include/firewall/bridge-custom-name.xml.i
+++ b/interface-definitions/include/firewall/bridge-custom-name.xml.i
@@ -8,7 +8,7 @@
</properties>
<children>
#include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<leafNode name="default-jump-target">
<properties>
@@ -36,4 +36,4 @@
</tagNode>
</children>
</tagNode>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/bridge-hook-forward.xml.i b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
index 23d757070..99f66ec77 100644
--- a/interface-definitions/include/firewall/bridge-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/bridge-hook-forward.xml.i
@@ -10,6 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -31,4 +32,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/default-log.xml.i b/interface-definitions/include/firewall/default-log.xml.i
new file mode 100644
index 000000000..dceacdb89
--- /dev/null
+++ b/interface-definitions/include/firewall/default-log.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from firewall/default-log.xml.i -->
+<leafNode name="default-log">
+ <properties>
+ <help>Log packets hitting default-action</help>
+ <valueless/>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/enable-default-log.xml.i b/interface-definitions/include/firewall/enable-default-log.xml.i
deleted file mode 100644
index 0efd8341b..000000000
--- a/interface-definitions/include/firewall/enable-default-log.xml.i
+++ /dev/null
@@ -1,8 +0,0 @@
-<!-- include start from firewall/enable-default-log.xml.i -->
-<leafNode name="enable-default-log">
- <properties>
- <help>Log packets hitting default-action</help>
- <valueless/>
- </properties>
-</leafNode>
-<!-- include end --> \ No newline at end of file
diff --git a/interface-definitions/include/firewall/ipv4-custom-name.xml.i b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
index c6420fe1f..8199d15fe 100644
--- a/interface-definitions/include/firewall/ipv4-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv4-custom-name.xml.i
@@ -8,7 +8,7 @@
</properties>
<children>
#include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<leafNode name="default-jump-target">
<properties>
@@ -39,4 +39,4 @@
</tagNode>
</children>
</tagNode>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
index 100f1c3d9..de2c70482 100644
--- a/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-forward.xml.i
@@ -10,7 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -36,4 +36,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-input.xml.i b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
index 22546640b..5d32657ea 100644
--- a/interface-definitions/include/firewall/ipv4-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-input.xml.i
@@ -10,7 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -33,4 +33,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv4-hook-output.xml.i b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
index 80c30cdeb..2b537ce5e 100644
--- a/interface-definitions/include/firewall/ipv4-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv4-hook-output.xml.i
@@ -10,7 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -33,4 +33,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-custom-name.xml.i b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
index 2cc45a60c..5748b3927 100644
--- a/interface-definitions/include/firewall/ipv6-custom-name.xml.i
+++ b/interface-definitions/include/firewall/ipv6-custom-name.xml.i
@@ -8,7 +8,7 @@
</properties>
<children>
#include <include/firewall/default-action.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<leafNode name="default-jump-target">
<properties>
@@ -39,4 +39,4 @@
</tagNode>
</children>
</tagNode>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
index fb38267eb..b53f09f59 100644
--- a/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-forward.xml.i
@@ -10,7 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -36,4 +36,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-input.xml.i b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
index 49d4493cc..493611fb1 100644
--- a/interface-definitions/include/firewall/ipv6-hook-input.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-input.xml.i
@@ -10,7 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -33,4 +33,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/ipv6-hook-output.xml.i b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
index 452b9027f..ffe1c72b8 100644
--- a/interface-definitions/include/firewall/ipv6-hook-output.xml.i
+++ b/interface-definitions/include/firewall/ipv6-hook-output.xml.i
@@ -10,7 +10,7 @@
</properties>
<children>
#include <include/firewall/default-action-base-chains.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-description.xml.i>
<tagNode name="rule">
<properties>
@@ -33,4 +33,4 @@
</node>
</children>
</node>
-<!-- include end --> \ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/policy-route.xml.in b/interface-definitions/policy-route.xml.in
index d4ec75786..92e7a0cb4 100644
--- a/interface-definitions/policy-route.xml.in
+++ b/interface-definitions/policy-route.xml.in
@@ -12,7 +12,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-interface-multi-wildcard.xml.i>
<tagNode name="rule">
<properties>
@@ -67,7 +67,7 @@
</properties>
<children>
#include <include/generic-description.xml.i>
- #include <include/firewall/enable-default-log.xml.i>
+ #include <include/firewall/default-log.xml.i>
#include <include/generic-interface-multi-wildcard.xml.i>
<tagNode name="rule">
<properties>
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 119ea54d6..b65386654 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -579,7 +579,7 @@ def nft_default_rule(fw_conf, fw_name, ipv6=False):
default_action = fw_conf['default_action']
family = 'ipv6' if ipv6 else 'ipv4'
- if 'enable_default_log' in fw_conf:
+ if 'default_log' in fw_conf:
action_suffix = default_action[:1].upper()
output.append(f'log prefix "[{family}-{fw_name[:19]}-default-{action_suffix}]"')
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 980b50556..a3885158b 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -209,7 +209,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
conn_mark = '555'
self.cli_set(['firewall', 'ipv4', 'name', name, 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv4', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv4', 'name', name, 'default-log'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'action', 'accept'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'source', 'address', '172.16.20.10'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'destination', 'address', '172.16.10.10'])
@@ -226,7 +226,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '2', 'ttl', 'gt', '102'])
self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'default-log'])
self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '3', 'action', 'accept'])
self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '3', 'protocol', 'tcp'])
self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '3', 'destination', 'port', '22'])
@@ -250,7 +250,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '6', 'connection-mark', conn_mark])
self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'default-log'])
self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'rule', '5', 'action', 'drop'])
self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'rule', '5', 'protocol', 'gre'])
self.cli_set(['firewall', 'ipv4', 'output', 'filter', 'rule', '5', 'outbound-interface', 'name', interface_inv])
@@ -291,7 +291,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
interface = 'eth0'
self.cli_set(['firewall', 'ipv4', 'name', name, 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv4', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv4', 'name', name, 'default-log'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '6', 'action', 'accept'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '6', 'packet-length', '64'])
@@ -353,7 +353,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'group', 'address-group', 'mask_group', 'address', '1.1.1.1'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv4', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv4', 'name', name, 'default-log'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'action', 'drop'])
self.cli_set(['firewall', 'ipv4', 'name', name, 'rule', '1', 'destination', 'address', '0.0.1.2'])
@@ -387,7 +387,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'global-options', 'state-policy', 'invalid', 'action', 'drop'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv6', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv6', 'name', name, 'default-log'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'action', 'accept'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'source', 'address', '2002::1'])
@@ -396,14 +396,14 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'log-options', 'level', 'crit'])
self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'default-action', 'accept'])
- self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'default-log'])
self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'action', 'reject'])
self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'protocol', 'tcp_udp'])
self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'destination', 'port', '8888'])
self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '2', 'inbound-interface', 'name', interface])
self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'default-log'])
self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'rule', '3', 'action', 'return'])
self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'rule', '3', 'protocol', 'gre'])
self.cli_set(['firewall', 'ipv6', 'output', 'filter', 'rule', '3', 'outbound-interface', 'name', interface])
@@ -446,7 +446,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
interface = 'eth0'
self.cli_set(['firewall', 'ipv6', 'name', name, 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv6', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv6', 'name', name, 'default-log'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '3', 'action', 'accept'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '3', 'packet-length', '65'])
@@ -489,7 +489,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'group', 'ipv6-address-group', 'mask_group', 'address', '::beef'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'default-action', 'drop'])
- self.cli_set(['firewall', 'ipv6', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'ipv6', 'name', name, 'default-log'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'action', 'drop'])
self.cli_set(['firewall', 'ipv6', 'name', name, 'rule', '1', 'destination', 'address', '::1111:2222:3333:4444'])
@@ -569,7 +569,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
vlan_prior = '3'
self.cli_set(['firewall', 'bridge', 'name', name, 'default-action', 'accept'])
- self.cli_set(['firewall', 'bridge', 'name', name, 'enable-default-log'])
+ self.cli_set(['firewall', 'bridge', 'name', name, 'default-log'])
self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'action', 'accept'])
self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'source', 'mac-address', mac_address])
self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'inbound-interface', 'name', interface_in])
@@ -577,6 +577,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.cli_set(['firewall', 'bridge', 'name', name, 'rule', '1', 'log-options', 'level', 'crit'])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'default-action', 'drop'])
+ self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'default-log'])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '1', 'action', 'accept'])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '1', 'vlan', 'id', vlan_id])
self.cli_set(['firewall', 'bridge', 'forward', 'filter', 'rule', '2', 'action', 'jump'])
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 21:40:04 +0000