parse label from running firewall config, for https://github.com/opnsense/core/issues/1788

2026-03-14 16:44:39 +00:00 · 2017-11-03 22:41:07 +01:00 · 2017-11-03 22:41:07 +01:00 · e580afeab5
commit e580afeab5
parent eeb7cc097e
2 changed files with 24 additions and 0 deletions
--- a/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Diagnostics/fw_log.volt
@ -211,6 +211,7 @@ POSSIBILITY OF SUCH DAMAGE.
                              <th data-column-id="src" data-type="address">{{ lang._('Source') }}</th>
                              <th data-column-id="dst" data-type="address">{{ lang._('Destination') }}</th>
                              <th data-column-id="protoname" data-type="string">{{ lang._('Proto') }}</th>
+                              <th data-column-id="label" data-type="string">{{ lang._('Label') }}</th>
                              <th data-column-id="" data-type="info" style="width:20px;"></th>
                          </tr>
                        </thead>
--- a/src/opnsense/scripts/filter/read_log.py
+++ b/src/opnsense/scripts/filter/read_log.py
@ -33,6 +33,8 @@ import sys
 import md5
 import argparse
 import ujson
+import tempfile
+import subprocess
 sys.path.insert(0, "/usr/local/opnsense/site-python")
 from log_helper import reverse_log_reader, fetch_clog
 from params import update_params
@ -64,12 +66,31 @@ def update_rule(target, metadata_target, ruleparts, spec):
    # full spec
    metadata_target['__spec__'] = spec

+def fetch_rules_descriptions():
+    """ Fetch rule descriptions from the current running config if available
+        :return : rule details per line number
+    """
+    result = dict()
+    if os.path.isfile('/tmp/rules.debug'):
+        with tempfile.NamedTemporaryFile() as output_stream:
+            subprocess.call(['/sbin/pfctl', '-vvPnf', '/tmp/rules.debug'], stdout=output_stream, stderr=open(os.devnull, 'wb'))
+            output_stream.seek(0)
+            for line in output_stream.read().strip().split('\n'):
+                if line.startswith('@'):
+                    line_id = line.split()[0][1:]
+                    result[line_id] = {'label': ''.join(line.split(' label ')[-1:]).strip()[1:-1]}
+    return result
+
+
 if __name__ == '__main__':
    # read parameters
    parameters = {'limit': '0', 'digest': ''}
    update_params(parameters)
    parameters['limit'] = int(parameters['limit'])

+    # parse current running config
+    running_conf_descr = fetch_rules_descriptions()
+
    result = list()
    for record in reverse_log_reader(fetch_clog(filter_log)):
        if record['line'].find('filterlog') > -1:
@ -104,6 +125,8 @@ if __name__ == '__main__':
                            update_rule(rule, metadata, rulep, fields_ipv6_carp)

            rule.update(metadata)
+            if 'rulenr' in rule and rule['rulenr'] in running_conf_descr:
+                rule['label'] = running_conf_descr[rule['rulenr']]['label']
            result.append(rule)

            # handle exit criteria, row limit or last digest