Merge pull request vyos#3715 from HollyGurza/T6313
T6313: Add "NAT" to "generate" command for rule resequence
c-po authored Jun 27, 2024
2 parents da1515c + 142545b commit 7d91768
Showing 6 changed files with 89 additions and 44 deletions.
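--- a/op-mode-definitions/generate_firewall_rule-resequence.xml.in
+++ b/op-mode-definitions/generate_firewall_rule-resequence.xml.in
@@ -7,34 +7,7 @@
 <help>Firewall</help>
 </properties>
 <children>
-<node name="rule-resequence">
-<properties>
-<help>Resequence the firewall rules</help>
-</properties>
-<command>${vyos_op_scripts_dir}/generate_firewall_rule-resequence.py</command>
-<children>
-<tagNode name="start">
-<properties>
-<help>Set the first sequence number</help>
-<completionHelp>
-<list>1-1000</list>
-</completionHelp>
-</properties>
-<command>${vyos_op_scripts_dir}/generate_firewall_rule-resequence.py --start $5</command>
-<children>
-<tagNode name="step">
-<properties>
-<help>Step between rules</help>
-<completionHelp>
-<list>1-1000</list>
-</completionHelp>
-</properties>
-<command>${vyos_op_scripts_dir}/generate_firewall_rule-resequence.py --start $5 --step $7</command>
-</tagNode>
-</children>
-</tagNode>
-</children>
-</node>
+#include <include/rule-resequence.xml.i>
 </children>
 </node>
 </children>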
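--- a/op-mode-definitions/generate_nat64_rule-resequence.xml.in
+++ b/op-mode-definitions/generate_nat64_rule-resequence.xml.in
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+<node name="generate">
+<children>
+<node name="nat64">
+<properties>
+<help>Network Address Translation (NAT64)</help>
+</properties>
+<children>
+#include <include/rule-resequence.xml.i>
+</children>
+</node>
+</children>
+</node>
+</interfaceDefinition>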
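--- a/op-mode-definitions/generate_nat66_rule-resequence.xml.in
+++ b/op-mode-definitions/generate_nat66_rule-resequence.xml.in
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+<node name="generate">
+<children>
+<node name="nat66">
+<properties>
+<help>Network Prefix Translation (NAT66/NPTv6)</help>
+</properties>
+<children>
+#include <include/rule-resequence.xml.i>
+</children>
+</node>
+</children>
+</node>
+</interfaceDefinition>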
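--- a/op-mode-definitions/generate_nat_rule-resequence.xml.in
+++ b/op-mode-definitions/generate_nat_rule-resequence.xml.in
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+<node name="generate">
+<children>
+<node name="nat">
+<properties>
+<help>Network Address Translation (NAT)</help>
+</properties>
+<children>
+#include <include/rule-resequence.xml.i>
+</children>
+</node>
+</children>
+</node>
+</interfaceDefinition>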
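--- a/op-mode-definitions/include/rule-resequence.xml.i
+++ b/op-mode-definitions/include/rule-resequence.xml.i
@@ -0,0 +1,30 @@
+<!-- included start from show-nht.xml.i -->
+<node name="rule-resequence">
+<properties>
+<help>Resequence rules</help>
+</properties>
+<command>${vyos_op_scripts_dir}/generate_service_rule-resequence.py --service $2</command>
+<children>
+<tagNode name="start">
+<properties>
+<help>Set the first sequence number</help>
+<completionHelp>
+<list>1-1000</list>
+</completionHelp>
+</properties>
+<command>${vyos_op_scripts_dir}/generate_service_rule-resequence.py --service $2 --start $5</command>
+<children>
+<tagNode name="step">
+<properties>
+<help>Step between rules</help>
+<completionHelp>
+<list>1-1000</list>
+</completionHelp>
+</properties>
+<command>${vyos_op_scripts_dir}/generate_service_rule-resequence.py --service $2 --start $5 --step $7</command>
+</tagNode>
+</children>
+</tagNode>
+</children>
+</node>
+<!-- included end -->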
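Review bot: The tagNode values `$5` and `$7` are expanded unquoted in the two `<command>` lines that take `--start` and `--step`, and the `<completionHelp>` list `1-1000` is only a completion hint, so nothing in this file limits what reaches the script's argument parser. Assuming the command string is run by a shell, as the `${vyos_op_scripts_dir}` expansion suggests, quoting them as `--start "$5"` and `--step "$7"` keeps a value containing whitespace or glob characters from being split into additional arguments; range checking then has to happen in the script itself. Separately, the opening comment `<!-- included start from show-nht.xml.i -->` looks copied from another include and should read `<!-- included start from rule-resequence.xml.i -->`.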
@@ -77,7 +77,7 @@ def change_rule_numbers(config_dict, start, step):
change_rule_numbers(config_dict[key], start, step)


def convert_rule_keys_to_int(config_dict):
def convert_rule_keys_to_int(config_dict, prev_key=None):
"""
Converts rule keys in the configuration dictionary to integers.
@@ -91,11 +91,11 @@ def convert_rule_keys_to_int(config_dict):
new_dict = {}
for key, value in config_dict.items():
# Convert key to integer if possible
new_key = int(key) if key.isdigit() else key
new_key = int(key) if key.isdigit() and prev_key == 'rule' else key

# Recur for nested dictionaries
if isinstance(value, dict):
new_value = convert_rule_keys_to_int(value)
new_value = convert_rule_keys_to_int(value, key)
else:
new_value = value

@@ -111,27 +111,24 @@ def convert_rule_keys_to_int(config_dict):
if __name__ == "__main__":
# Parse command-line arguments
parser = argparse.ArgumentParser(description='Convert dictionary to set commands with rule number modifications.')
parser.add_argument('--start', type=int, default=100, help='Start rule number')
parser.add_argument('--service', type=str, help='Name of service')
parser.add_argument('--start', type=int, default=100, help='Start rule number (default: 100)')
parser.add_argument('--step', type=int, default=10, help='Step for rule numbers (default: 10)')
args = parser.parse_args()

config = ConfigTreeQuery()
if not config.exists('firewall'):
print('Firewall is not configured')
if not config.exists(args.service):
print(f'{args.service} is not configured')
exit(1)

config_dict = config.get_config_dict('firewall')
config_dict = config.get_config_dict(args.service)

# Remove global-options, group and flowtable as they don't need sequencing
if 'global-options' in config_dict['firewall']:
del config_dict['firewall']['global-options']
if 'firewall' in config_dict:
# Remove global-options, group and flowtable as they don't need sequencing
for item in ['global-options', 'group', 'flowtable']:
if item in config_dict['firewall']:
del config_dict['firewall'][item]

if 'group' in config_dict['firewall']:
del config_dict['firewall']['group']

if 'flowtable' in config_dict['firewall']:
del config_dict['firewall']['flowtable']

# Convert rule keys to integers, rule "10" -> rule 10
# This is necessary for sorting the rules
config_dict = convert_rule_keys_to_int(config_dict)
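Review bot: `--service` is added without `required=True` or `choices=`, so `args.service` can be `None` or any configuration path, and it is passed straight into `config.exists(args.service)` and `config.get_config_dict(args.service)`. The op-mode definitions in this commit only invoke the script under firewall, nat, nat64 and nat66, so the parser can enforce that set: `parser.add_argument('--service', required=True, choices=['firewall', 'nat', 'nat64', 'nat66'], help='Name of service')`. `--start` and `--step` are only `type=int`, so zero and negative values are accepted; whether `change_rule_numbers` copes with a step of 0 is not visible here and is worth checking. The `__main__` block continues past the end of this hunk.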
