From 3c8dbc7485e3d8eb47a687310d3a028aef6af1ce Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Tue, 29 Aug 2023 19:28:50 +0000
Subject: T5496: firewall op-mode: add fix for source and destination when not
 specified (correct ::/0 for ipv6). Also, add columns for inbound and outbound
 interfaces

---
 src/op_mode/firewall.py | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index ffa78abf9..581710b31 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -127,7 +127,7 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
                     if not source_addr:
                         source_addr = dict_search_args(rule_conf, 'source', 'group', 'domain_group')
                         if not source_addr:
-                            source_addr = '0.0.0.0/0'
+                            source_addr = '::/0' if ipv6 else '0.0.0.0/0'
 
             # Get destination
             dest_addr = dict_search_args(rule_conf, 'destination', 'address')
@@ -138,7 +138,21 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
                     if not dest_addr:
                         dest_addr = dict_search_args(rule_conf, 'destination', 'group', 'domain_group')
                         if not dest_addr:
-                            dest_addr = '0.0.0.0/0'
+                            dest_addr = '::/0' if ipv6 else '0.0.0.0/0'
+
+            # Get inbound interface
+            iiface = dict_search_args(rule_conf, 'inbound_interface', 'interface_name')
+            if not iiface:
+                iiface = dict_search_args(rule_conf, 'inbound_interface', 'interface_group')
+                if not iiface:
+                    iiface = 'any'
+
+            # Get outbound interface
+            oiface = dict_search_args(rule_conf, 'outbound_interface', 'interface_name')
+            if not oiface:
+                oiface = dict_search_args(rule_conf, 'outbound_interface', 'interface_group')
+                if not oiface:
+                    oiface = 'any'
 
             row = [rule_id]
             if rule_id in details:
@@ -151,6 +165,8 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
             row.append(rule_conf['action'])
             row.append(source_addr)
             row.append(dest_addr)
+            row.append(iiface)
+            row.append(oiface)
             rows.append(row)
 
     if 'default_action' in prior_conf and not single_rule_id:
@@ -168,7 +184,7 @@ def output_firewall_name_statistics(hook, prior, prior_conf, ipv6=False, single_
         rows.append(row)
 
     if rows:
-        header = ['Rule', 'Packets', 'Bytes', 'Action', 'Source', 'Destination']
+        header = ['Rule', 'Packets', 'Bytes', 'Action', 'Source', 'Destination', 'Inbound-Interface', 'Outbound-interface']
         print(tabulate.tabulate(rows, header) + '\n')
 
 def show_firewall():
-- 
cgit v1.2.3