Diffstat (limited to 'src/migration-scripts')
| -rwxr-xr-x | src/migration-scripts/firewall/11-to-12 | 75 | ||||
| -rwxr-xr-x | src/migration-scripts/nat/6-to-7 | 67 | ||||
| -rwxr-xr-x | src/migration-scripts/nat66/1-to-2 | 63 | 
3 files changed, 205 insertions, 0 deletions
|
diff --git a/src/migration-scripts/firewall/11-to-12 b/src/migration-scripts/firewall/11-to-12
new file mode 100755
index 000000000..51b2fa860
--- /dev/null
+++ b/src/migration-scripts/firewall/11-to-12
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5681: Firewall re-writing. Simplify cli when mathcing interface
+# From
+    # set firewall ... rule <rule> [inbound-interface | outboubd-interface] interface-name <iface>
+    # set firewall ... rule <rule> [inbound-interface | outboubd-interface] interface-group <iface_group>
+# To
+    # set firewall ... rule <rule> [inbound-interface | outboubd-interface] name <iface>
+    # set firewall ... rule <rule> [inbound-interface | outboubd-interface] group <iface_group>
+
+import re
+
+from sys import argv
+from sys import exit
+
+from vyos.configtree import ConfigTree
+from vyos.ifconfig import Section
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+base = ['firewall']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+    # Nothing to do
+    exit(0)
+
+## FORT
+## Migration from base chains
+#if config.exists(base + ['interface', iface, direction]):
+for family in ['ipv4', 'ipv6']:
+    if config.exists(base + [family]):
+        for hook in ['forward', 'input', 'output', 'name']:
+            if config.exists(base + [family, hook]):
+                for priority in config.list_nodes(base + [family, hook]):
+                    if config.exists(base + [family, hook, priority, 'rule']):
+                        for rule in config.list_nodes(base + [family, hook, priority, 'rule']):
+                            for direction in ['inbound-interface', 'outbound-interface']:
+                                if config.exists(base + [family, hook, priority, 'rule', rule, direction]):
+                                    if config.exists(base + [family, hook, priority, 'rule', rule, direction, 'interface-name']):
+                                        iface = config.return_value(base + [family, hook, priority, 'rule', rule, direction, 'interface-name'])
+                                        config.set(base + [family, hook, priority, 'rule', rule, direction, 'name'], value=iface)
+                                        config.delete(base + [family, hook, priority, 'rule', rule, direction, 'interface-name'])
+                                    elif config.exists(base + [family, hook, priority, 'rule', rule, direction, 'interface-group']):
+                                        group = config.return_value(base + [family, hook, priority, 'rule', rule, direction, 'interface-group'])
+                                        config.set(base + [family, hook, priority, 'rule', rule, direction, 'group'], value=group)
+                                        config.delete(base + [family, hook, priority, 'rule', rule, direction, 'interface-group'])
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
\ No newline at end of file
diff --git a/src/migration-scripts/nat/6-to-7 b/src/migration-scripts/nat/6-to-7
new file mode 100755
index 000000000..b5f6328ef
--- /dev/null
+++ b/src/migration-scripts/nat/6-to-7
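Review bot: In src/migration-scripts/firewall/11-to-12 the closing `with open(file_name, 'w')` truncates the config file before `config.to_string()` is evaluated, and the surrounding `except OSError` does not cover a failure during serialization, so an error there would leave an empty firewall config on disk. Serialize first and only then open the file: put `new_config = config.to_string()` ahead of the `try` and write `f.write(new_config)` inside it. The same closing block appears in nat/6-to-7 and nat66/1-to-2. Whether the caller runs these scripts on a scratch copy is not visible in this diff, so the practical impact is uncertain. Separately, `re` and `Section` are imported in this script but not used in the visible code.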
@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5681: Firewall re-writing. Simplify cli when mathcing interface
+# From
+#   'set nat [source|destination] rule X [inbound-interface|outbound interface] interface-name <iface>'
+#   'set nat [source|destination] rule X [inbound-interface|outbound interface] interface-group <iface_group>'
+# to
+#   'set nat [source|destination] rule X [inbound-interface|outbound interface] name <iface>'
+#   'set nat [source|destination] rule X [inbound-interface|outbound interface] group <iface_group>'
+
+from sys import argv,exit
+from vyos.configtree import ConfigTree
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['nat']):
+    # Nothing to do
+    exit(0)
+
+for direction in ['source', 'destination']:
+    # If a node doesn't exist, we obviously have nothing to do.
+    if not config.exists(['nat', direction]):
+        continue
+
+    # However, we also need to handle the case when a 'source' or 'destination' sub-node does exist,
+    # but there are no rules under it.
+    if not config.list_nodes(['nat', direction]):
+        continue
+
+    for rule in config.list_nodes(['nat', direction, 'rule']):
+        base = ['nat', direction, 'rule', rule]
+        for iface in ['inbound-interface','outbound-interface']:
+            if config.exists(base + [iface]):
+                if config.exists(base + [iface, 'interface-name']):
+                    tmp = config.return_value(base + [iface, 'interface-name'])
+                    config.delete(base + [iface, 'interface-name'])
+                    config.set(base + [iface, 'name'], value=tmp)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
diff --git a/src/migration-scripts/nat66/1-to-2 b/src/migration-scripts/nat66/1-to-2
new file mode 100755
index 000000000..b7d4e3f6b
--- /dev/null
+++ b/src/migration-scripts/nat66/1-to-2
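Review bot: In src/migration-scripts/nat/6-to-7 the rule loop renames only `interface-name`, while the header comment also promises `interface-group` → `group`, so a rule that matches on an interface group keeps the old node name after migration. If that node existed under NAT before this version, it needs the same rename, for example by looping over both old/new pairs as sketched below. If it did not exist, the two `interface-group`/`group` lines in the header comment should be dropped so the script and its description agree. How the new schema treats a leftover `interface-group` node is not visible in this diff.

```python
        for iface in ['inbound-interface','outbound-interface']:
            # … unchanged: config.exists(base + [iface]) check …
                for old, new in (('interface-name', 'name'), ('interface-group', 'group')):
                    if config.exists(base + [iface, old]):
                        tmp = config.return_value(base + [iface, old])
                        config.delete(base + [iface, old])
                        config.set(base + [iface, new], value=tmp)
```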
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5681: Firewall re-writing. Simplify cli when mathcing interface
+# From
+#   'set nat66 [source|destination] rule X [inbound-interface|outbound interface] <iface>'
+# to
+#   'set nat66 [source|destination] rule X [inbound-interface|outbound interface] name <iface>'
+
+from sys import argv,exit
+from vyos.configtree import ConfigTree
+
+if len(argv) < 2:
+    print("Must specify file name!")
+    exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+config = ConfigTree(config_file)
+if not config.exists(['nat66']):
+    # Nothing to do
+    exit(0)
+
+for direction in ['source', 'destination']:
+    # If a node doesn't exist, we obviously have nothing to do.
+    if not config.exists(['nat66', direction]):
+        continue
+
+    # However, we also need to handle the case when a 'source' or 'destination' sub-node does exist,
+    # but there are no rules under it.
+    if not config.list_nodes(['nat66', direction]):
+        continue
+
+    for rule in config.list_nodes(['nat66', direction, 'rule']):
+        base = ['nat66', direction, 'rule', rule]
+        for iface in ['inbound-interface','outbound-interface']:
+            if config.exists(base + [iface]):
+                tmp = config.return_value(base + [iface])
+                config.delete(base + [iface])
+                config.set(base + [iface, 'name'], value=tmp)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
|
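Review bot: In src/migration-scripts/nat66/1-to-2 the guard before the rule loop tests `config.list_nodes(['nat66', direction])`, but the loop then lists `['nat66', direction, 'rule']`, a path the guard never checks. If `direction` can hold any child other than `rule`, the loop would run against a missing node. Checking the path that is actually used is more direct: `if not config.exists(['nat66', direction, 'rule']): continue`. The same guard is used in nat/6-to-7. How `list_nodes` behaves on a missing path is not shown in this diff.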
