From 44326619582f52f5439e301271f728e206e18f8b Mon Sep 17 00:00:00 2001
From: Nicolas Fort
Date: Thu, 12 May 2022 12:24:24 +0000
Subject: Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8
---
 src/migration-scripts/firewall/6-to-7 | 27 ---------------------------
 1 file changed, 27 deletions(-)
(limited to 'src/migration-scripts')
diff --git a/src/migration-scripts/firewall/6-to-7 b/src/migration-scripts/firewall/6-to-7
index 1e698da0b..5f4cff90d 100755
--- a/src/migration-scripts/firewall/6-to-7
+++ b/src/migration-scripts/firewall/6-to-7
@@ -19,11 +19,6 @@
 # utc: nftables userspace uses localtime and calculates the UTC offset automatically
 # icmp/v6: migrate previously available `type-name` to valid type/code
 # T4178: Update tcp flags to use multi value node
-# T3907: Add log levels
-# `enable-default-log` --> `enable-default-log warn`
-# `rule X log enable` --> `rule X log warn`
-# `rule X log disable` --> No log config
-
 import re
@@ -105,9 +100,6 @@ icmpv6_translations = {
 if config.exists(base + ['name']):
 for name in config.list_nodes(base + ['name']):
- if config.exists(base + ['name', name, 'enable-default-log']):
- config.set(base + ['name', name, 'enable-default-log'], value='warn')
-
 if not config.exists(base + ['name', name, 'rule']):
 continue
@@ -116,7 +108,6 @@ if config.exists(base + ['name']):
 rule_time = base + ['name', name, 'rule', rule, 'time']
 rule_tcp_flags = base + ['name', name, 'rule', rule, 'tcp', 'flags']
 rule_icmp = base + ['name', name, 'rule', rule, 'icmp']
- rule_log = base + ['name', name, 'rule', rule, 'log']
 if config.exists(rule_time + ['monthdays']):
 config.delete(rule_time + ['monthdays'])
@@ -155,13 +146,6 @@ if config.exists(base + ['name']):
 config.set(rule_icmp + ['type'], value=translate[0])
 config.set(rule_icmp + ['code'], value=translate[1])
- if config.exists(rule_log):
- tmp = config.return_value(rule_log)
- if tmp == 'disable':
- config.delete(rule_log)
- else:
- config.set(rule_log, value='warn')
-
 for src_dst in ['destination', 'source']:
 pg_base = base + ['name', name, 'rule', rule, src_dst, 'group', 'port-group']
 proto_base = base + ['name', name, 'rule', rule, 'protocol']
@@ -169,9 +153,6 @@ if config.exists(base + ['name']):
 config.set(proto_base, value='tcp_udp')
 if config.exists(base + ['ipv6-name']):
- if config.exists(base + ['ipv6-name', name, 'enable-default-log']):
- config.set(base + ['ipv6-name', name, 'enable-default-log'], value='warn')
-
 for name in config.list_nodes(base + ['ipv6-name']):
 if not config.exists(base + ['ipv6-name', name, 'rule']):
 continue
@@ -181,7 +162,6 @@ if config.exists(base + ['ipv6-name']):
 rule_time = base + ['ipv6-name', name, 'rule', rule, 'time']
 rule_tcp_flags = base + ['ipv6-name', name, 'rule', rule, 'tcp', 'flags']
 rule_icmp = base + ['ipv6-name', name, 'rule', rule, 'icmpv6']
- rule_log = base + ['ipv6-name', name, 'rule', rule, 'log']
 if config.exists(rule_time + ['monthdays']):
 config.delete(rule_time + ['monthdays'])
@@ -232,13 +212,6 @@ if config.exists(base + ['ipv6-name']):
 else:
 config.rename(rule_icmp + ['type'], 'type-name')
- if config.exists(rule_log):
- tmp = config.return_value(rule_log)
- if tmp == 'disable':
- config.delete(rule_log)
- else:
- config.set(rule_log, value='warn')
-
 for src_dst in ['destination', 'source']:
 pg_base = base + ['ipv6-name', name, 'rule', rule, src_dst, 'group', 'port-group']
 proto_base = base + ['ipv6-name', name, 'rule', rule, 'protocol']
-- cgit v1.2.3