T6188: add description to show firewall #3219
Since descriptions can be very long I assume there will be a line wrap at the end? Would it be possible to add the method MySQL is using where you can have some terminator of the show command to get it in lines instead of columns (in MySQL's case it's the use of "\G" instead of ";")? Like regular output is:
While with a "I want this in lines instead of columns" terminator the output would be something like this instead:
It does not currently wrap, though that is something I was hoping to get feedback on. If the desire is to wrap, after how many characters should it wrap? My immediate thoughts were 50. I set this to 30 just to show how it would look in general:
The other output should be possible, I could do something like this:

```python
def show_firewall_vertical(rules):
    headers = ["Rule", "Description", "Action", "Protocol", "Packets", "Bytes", "Conditions"]
    max_header_length = max(len(header) for header in headers)
    for rule in rules:
        # One "Header : value" line per column
        for header, item in zip(headers, rule):
            formatted_header = header.ljust(max_header_length)
            print(f"{formatted_header} : {item}")
        print()  # blank line between rules

def output_firewall_name(family, hook, priority, firewall_conf, single_rule_id=None):
    # (code that builds `rows` is not shown in this post)
    if rows:
        if <some arg is passed>:
            show_firewall_vertical(rows)
        else:
            header = ['Rule', 'Description', 'Action', 'Protocol', 'Packets', 'Bytes', 'Conditions']
            print(tabulate.tabulate(rows, header) + '\n')
```

This is the output when I run it:
We'd need a useful switch in the op-definition structure to call it for passing the arg. Maybe something like "fieldview"? Definitely open to suggestions there.
I think the wrapping should be left for the output to select since you can either be in a regular serial console of 80x25 or some high-res mode which brings more characters per line or even through SSH with a 4k monitor which will be plenty of lines. Suggestion regarding command in op mode:
Which would allow for looking at a specific rule as well like so:
"mode" could of course be called "display" or "view" or something proper to be reused for other commands where a vertical output could be something good to be able to choose.
I like the idea of the output.
But it should show only rule 20 in this case :)
I'm currently just taking the 'rows' list that is created in all of the different 'output_firewall' functions and reformatting it to that view. That way it will work for all of the different "show firewall" op commands. I can pop the second element in the list if the rules argument is present to remove the default action from that view:

```python
def output_firewall_vertical(rules, headers):
    # `args` is the parsed command-line namespace of the op-mode script
    if args.rule:
        rules.pop()  # drop the trailing default-action row
    max_header_length = max(len(header) for header in headers)
    for rule in rules:
        for header, item in zip(headers, rule):
            formatted_header = header.ljust(max_header_length)
            # Keep each value on one line
            print(f"{formatted_header} : " + item.replace("\n", " "))
        print()  # blank line between rules
```

That generates this output:
I like the simplicity of |
The normal command when looking at rules also shows the default rule:
Do you want me to make that change in general, where the default rule isn't listed when looking at a specific rule? So it would look like this whenever trying to look at a specific rule:
If you know how to fix it, then fix it :) What I expect we'll have
Or start with only the rule, then we'll think about if we want to see it in other places
- Added show firewall <sections> detail paths

modified: src/op_mode/firewall.py
- Added Description as a header to normal "show firewall" commands
- Added 'detail' view which shows the output in a list key-pair format

Description column was added for these commands and their subsections:
show firewall statistics
show firewall groups
show firewall <family>

Detail view was added for these commands:
show firewall bridge forward filter detail
show firewall bridge forward filter rule <rule#> detail
show firewall bridge name <chain> detail
show firewall bridge name <chain> rule <rule#> detail
show firewall ipv4 forward filter detail
show firewall ipv4 forward filter rule <rule#> detail
show firewall ipv4 input filter detail
show firewall ipv4 input filter rule <rule#> detail
show firewall ipv4 output filter detail
show firewall ipv4 output filter rule <rule#> detail
show firewall ipv4 name <chain> detail
show firewall ipv4 name <chain> rule <rule#> detail
show firewall ipv6 forward filter detail
show firewall ipv6 forward filter rule <rule#> detail
show firewall ipv6 input filter detail
show firewall ipv6 input filter rule <rule#> detail
show firewall ipv6 output filter detail
show firewall ipv6 output filter rule <rule#> detail
show firewall ipv6 name <chain> detail
show firewall ipv6 name <chain> rule <rule#> detail
show firewall group detail
show firewall group <group> detail
I didn't see this before pushing the commit right now. I can just move the popping of the list under the output_firewall_name function instead of just in the output_firewall_vertical function. I just pushed that commit, this should be done at this point. Here is a summary of the additional show capabilities. Description column was added for these commands and their subsections. Descriptions are wrapped at 50 characters for readability with long descriptions:
Detail view was added for these commands. Values are wrapped to 100 characters for readability:
I didn't add a general detail output for |
Even if "rule 20 detail" should show just rule 20 I think it's handy to also always display what is the default. On the other hand there can be other rules that will get a hit so always displaying default might be a false sense of security as in "nice, this packet won't match rule 20 so it should hit the default" while in fact you might have for example rule 30 (which isn't displayed) which would also match and use its action before it hits the default. So I would probably vote to not display the default unless no rules are specified (or "rule any" is specified) or the "rule default" is specified.
For readability in console sessions, moved the description column to only be shown in the detail view. Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions.
Done! I also changed the wrapping for the description column in the detail view to 65 characters to keep the overall line below 80 characters.
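An added example, not code from this PR or from the VyOS code base: a sketch of the detail view discussed in this thread, with the description wrapped at 65 characters, other values at 100, and the default action left out when a single rule is requested. `select_rows`, `format_detail` and the sample rows are hypothetical and constructed here; collapsing all whitespace generalizes the `replace("\n", " ")` shown earlier.

```python
import textwrap

# Column names as used in the snippets quoted in this thread.
HEADERS = ["Rule", "Description", "Action", "Protocol", "Packets", "Bytes", "Conditions"]
DESCRIPTION_WIDTH = 65  # description wrap width given in the thread
VALUE_WIDTH = 100       # wrap width for the other values given in the thread

# Constructed sample rows (not real router output); rule 20's description
# carries an embedded newline followed by text that imitates an output field.
SAMPLE_ROWS = [
    ["10", "Allow return traffic", "accept", "all", "120", "9800",
     "ct state { established, related }"],
    ["20", "Management SSH from the admin jump hosts only; everything else "
           "to port 22 is dropped by a later rule\nAction : accept",
     "drop", "tcp", "4", "240", "tcp dport 22"],
    ["default", "", "drop", "all", "7", "420", ""],
]


def select_rows(rows, rule_id=None):
    """Hypothetical helper: all rows, or only the requested rule.

    The default-action row is dropped when one rule is requested, because a
    later rule that is not displayed may match before the default applies.
    """
    if rule_id is None:
        return list(rows)
    return [row for row in rows if row[0] == str(rule_id)]


def format_detail(rows, headers=HEADERS):
    """Render rows as 'Header : value' lines with a blank line after each rule."""
    pad = max(len(h) for h in headers)
    indent = " " * (pad + 3)  # continuation lines align under the value
    out = []
    for row in rows:
        for header, item in zip(headers, row):
            width = DESCRIPTION_WIDTH if header == "Description" else VALUE_WIDTH
            # Collapse all whitespace so free text cannot start a new output line.
            text = " ".join(str(item).split())
            wrapped = textwrap.wrap(text, width=width) or [""]
            out.append(f"{header.ljust(pad)} : {wrapped[0]}")
            out.extend(indent + line for line in wrapped[1:])
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_detail(select_rows(SAMPLE_ROWS, rule_id=20)))
```

With an 11-character header column and the 65-character description width, every description line stays at or under 79 characters.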
@Mergifyio backport sagitta
✅ Backports have been created
Change Summary
Types of changes
Related Task(s)
https://vyos.dev/T6188
Related PR(s)
Component(s) name
src/op_mode/firewall.py
Proposed changes
This change adds the Firewall Description that exists under the rules config as a column in "show firewall" op-mode commands.
Description column was added for these commands and their subsections:
Detail view was added for these commands:
How to test
Type "show firewall" command(s):
Type "show firewall" command with detail option available:
Smoketest result