[PATCH] feat(bash): completion of policy-related commands
by Olav Reinert
Also contains:
- Completion for --set-target zones.
- Completion for --set-log-denied value.
- Completion for --add/remove/query-protocol value.
- Improved separation of permanent and non-permanent options.
Fixes: #827
---
shell-completion/bash/firewall-cmd | 129 +++++++++++++++++++++--------
1 file changed, 96 insertions(+), 33 deletions(-)
diff --git a/shell-completion/bash/firewall-cmd b/shell-completion/bash/firewall-cmd
index 494f8fa9..7ca2d346 100644
--- a/shell-completion/bash/firewall-cmd
+++ b/shell-completion/bash/firewall-cmd
@@ -32,10 +32,10 @@ OPTIONS_LOCKDOWN="--add-lockdown-whitelist-command= --remove-lockdown-whitelist-
--query-lockdown-whitelist-user= --list-lockdown-whitelist-users"
# can be used as standalone or with --permanent
-OPTIONS_CONFIG="--get-zones --get-services --get-icmptypes --get-helpers \
- ${OPTIONS_LOCKDOWN} --list-all-zones \
- --info-zone= --info-service= --info-icmptype= \
- --info-ipset= --info-helper="
+OPTIONS_CONFIG="--get-zones --get-policies --get-services --get-icmptypes --get-helpers \
+ ${OPTIONS_LOCKDOWN} --list-all-zones --list-all-policies \
+ --info-zone= --info-policy= --info-service= --info-icmptype= \
+ --info-ipset= --info-helper="
OPTIONS_ZONE_INTERFACES_SOURCES="\
--add-interface= --remove-interface= --query-interface= \
@@ -43,24 +43,37 @@ OPTIONS_ZONE_INTERFACES_SOURCES="\
--add-source= --remove-source= --query-source= \
--change-source= --list-sources"
-OPTIONS_ZONE_ACTION_ACTION="--add-service= --remove-service= --query-service= \
+OPTIONS_ZONE_POLICY_ACTION="--list-all \
+ --list-services \
+ --add-service= --remove-service= --query-service= \
+ --list-ports \
--add-port= --remove-port= --query-port= \
- --add-source-port= --remove-source-port= --query-source-port= \
+ --list-protocols \
--add-protocol= --remove-protocol= --query-protocol= \
+ --list-source-ports \
+ --add-source-port= --remove-source-port= --query-source-port= \
+ --list-icmp-blocks \
--add-icmp-block= --remove-icmp-block= --query-icmp-block= \
- --add-forward-port= --remove-forward-port= --query-forward-port="
+ --list-forward-ports \
+ --add-forward-port= --remove-forward-port= --query-forward-port= \
+ --add-masquerade --remove-masquerade --query-masquerade \
+ --list-rich-rules \
+ --add-rich-rule= --remove-rich-rule= --query-rich-rule="
-OPTIONS_ZONE_ADAPT_QUERY="--add-rich-rule= --remove-rich-rule= --query-rich-rule= \
- --add-icmp-block-inversion --remove-icmp-block-inversion \
+OPTIONS_ZONE_ADAPT_QUERY="--add-icmp-block-inversion --remove-icmp-block-inversion \
--query-icmp-block-inversion \
- --add-forward --remove-forward --query-forward \
- --add-masquerade --remove-masquerade --query-masquerade \
- --list-services --list-ports --list-protocols \
- --list-source-ports --list-icmp-blocks \
- --list-forward-ports --list-rich-rules --list-all"
+ --add-forward --remove-forward --query-forward"
+
+OPTIONS_POLICY_ADAPT_QUERY="--list-ingress-zones \
+ --add-ingress-zone= --remove-ingress-zone= --query-ingress-zone= \
+ --list-egress-zones \
+ --add-egress-zone= --remove-egress-zone= --query-egress-zone="
+
+OPTIONS_ZONE_POLICY_PERMANENT="--get-description --set-description= \
+ --get-short --set-short= \
+ --get-target --set-target="
-OPTIONS_ZONE_PERMANENT_ONLY="--get-description --get-short \
- --set-description= --set-short="
+OPTIONS_POLICY_PERMANENT="--get-priority --set-priority="
OPTIONS_IPSET_ACTION_ACTION="--add-entry= --remove-entry= --query-entry= --add-entries-from-file= --remove-entries-from-file"
@@ -68,8 +81,12 @@ OPTIONS_IPSET_ADAPT_QUERY="--list-entries"
# can be used with/without preceding --zone=<zone>
OPTIONS_ZONE="${OPTIONS_ZONE_INTERFACES_SOURCES} \
- ${OPTIONS_ZONE_ACTION_ACTION} ${OPTIONS_ZONE_ADAPT_QUERY}
- ${OPTIONS_ZONE_PERMANENT_ONLY}"
+ ${OPTIONS_ZONE_POLICY_ACTION} \
+ ${OPTIONS_ZONE_ADAPT_QUERY}"
+
+# can be used with preceeding --policy=<policy>
+OPTIONS_POLICY="${OPTIONS_ZONE_POLICY_ACTION} \
+ ${OPTIONS_POLICY_ADAPT_QUERY}"
OPTIONS_IPSET="${OPTIONS_IPSETACTION_ACTION} ${OPTIONS_IPSET_ADAPT_QUERY}"
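Review bot: The new comment above OPTIONS_POLICY misspells "preceding"; it should read `# can be used with preceding --policy=<policy>`. Separately, the unchanged line just below the addition expands `${OPTIONS_IPSETACTION_ACTION}`, whereas the variable shown as context earlier in this patch is named `OPTIONS_IPSET_ACTION_ACTION`. If no variable of the former name exists elsewhere in the file, OPTIONS_IPSET silently loses the entry options. That predates this commit but could be fixed alongside it.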
@@ -77,10 +94,11 @@ OPTIONS_PERMANENT_ONLY="--new-icmptype= --new-icmptype-from-file= --delete-icmpt
--new-service= --new-service-from-file= --delete-service= \
--new-zone= --new-zone-from-file= --delete-zone= \
--load-zone-defaults= \
+ --new-policy= --new-policy-from-file= --delete-policy= \
+ --load-policy-defaults= \
--new-ipset= --new-helper-from-file= --delete-ipset= \
--new-helper= --new-helper-from-file= --delete-helper= \
- --get-target --set-target= \
- --path-zone= --path-service= --path-icmptype= \
+ --path-zone= --path-policy= --path-service= --path-icmptype= \
--path-ipset= --path-helper="
OPTIONS_NEW_IPSET="--type= --option="
@@ -90,14 +108,17 @@ OPTIONS_NEW_HELPER="--module= --family="
OPTIONS_HELPER=""
# can be used after --permanent
-OPTIONS_PERMANENT="${OPTIONS_CONFIG} --zone= ${OPTIONS_ZONE} \
- ${OPTIONS_PERMANENT_ONLY}"
+OPTIONS_PERMANENT="${OPTIONS_CONFIG} \
+ ${OPTIONS_PERMANENT_ONLY} \
+ --zone= ${OPTIONS_ZONE} \
+ --policy= ${OPTIONS_POLICY_PERMANENT} \
+ ${OPTIONS_ZONE_POLICY_PERMANENT}"
OPTIONS_DIRECT="--passthrough \
--add-chain --remove-chain --query-chain --get-chains --get-all-chains \
- --add-rule --remove-rule --remove-rules --query-rule --get-rules --get-all-rules \
- --add-passthrough --remove-passthrough \
- --query-passthrough --get-passthroughs --get-all-passthroughs"
+ --add-rule --remove-rule --remove-rules --query-rule --get-rules --get-all-rules \
+ --add-passthrough --remove-passthrough \
+ --query-passthrough --get-passthroughs --get-all-passthroughs"
# these all can be used as a "first" option
OPTIONS_GENERAL="--help --version \
@@ -110,6 +131,7 @@ OPTIONS_GENERAL="--help --version \
--get-zone-of-interface= --get-zone-of-interface= \
${OPTIONS_CONFIG} \
--zone= ${OPTIONS_ZONE} \
+ --policy= \
--permanent --direct"
_firewall_cmd()
@@ -119,8 +141,8 @@ _firewall_cmd()
case $prev in
--*-entries-from-file|--new-*-from-file)
- _filedir
- return
+ _filedir
+ return
;;
--new-ipset*)
if [[ "$cur" == -* ]]; then
@@ -141,8 +163,34 @@ _firewall_cmd()
COMPREPLY=( $( compgen -W '`firewall-cmd --get-zones`' -- "$cur" ) )
fi
;;
+ --add-ingress-zone|--remove-ingress-zone|--query-ingress-zone|\
+ --add-egress-zone|--remove-egress-zone|--query-egress-zone)
+ if [[ ${words[@]} == *--permanent* ]]; then
+ COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-zones` HOST ANY' -- "$cur" ) )
+ else
+ COMPREPLY=( $( compgen -W '`firewall-cmd --get-zones` HOST ANY' -- "$cur" ) )
+ fi
+ ;;
+ --policy|--info-policy|--path-policy|--load-policy-defaults|--delete-policy)
+ if [[ ${words[@]} == *--permanent* ]]; then
+ COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-policies`' -- "$cur" ) )
+ else
+ COMPREPLY=( $( compgen -W '`firewall-cmd --get-policies`' -- "$cur" ) )
+ fi
+ ;;
--zone=*)
- COMPREPLY=( $( compgen -W "${OPTIONS_ZONE}" -- "$cur" ) )
+ if [[ ${words[@]} == *--permanent* ]]; then
+ COMPREPLY=( $( compgen -W "${OPTIONS_ZONE} ${OPTIONS_ZONE_POLICY_PERMANENT}" -- "$cur" ) )
+ else
+ COMPREPLY=( $( compgen -W "${OPTIONS_ZONE}" -- "$cur" ) )
+ fi
+ ;;
+ --policy=*)
+ if [[ ${words[@]} == *--permanent* ]]; then
+ COMPREPLY=( $( compgen -W "${OPTIONS_POLICY} ${OPTIONS_POLICY_PERMANENT} ${OPTIONS_ZONE_POLICY_PERMANENT}" -- "$cur" ) )
+ else
+ COMPREPLY=( $( compgen -W "${OPTIONS_POLICY}" -- "$cur" ) )
+ fi
;;
--ipset=*)
COMPREPLY=( $( compgen -W "${OPTIONS_IPSET}" -- "$cur" ) )
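Review bot: The test `[[ ${words[@]} == *--permanent* ]]` added in these arms is a substring match over the whole joined command line, so any word that merely contains that text (for example inside a `--set-description=` value) switches completion to the permanent configuration. The `*--policy=*` test in the later `--set-target` arm has the same weakness. Matching a whole word, e.g. `[[ " ${words[*]} " == *" --permanent "* ]]`, avoids this and also clears ShellCheck's SC2199 warning about `[@]` inside `[[ ]]`. The backtick calls inside `compgen -W` run `firewall-cmd` on each completion attempt with stderr unredirected, so an error message (for instance when the daemon is not running) would presumably land on the prompt; appending `2>/dev/null` inside the backticks keeps the line clean. The enclosing `case` in `_firewall_cmd` starts and ends outside the hunk, and the construct follows the idiom the file already uses, so a follow-up covering all arms may be the better place for the change.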
@@ -186,6 +234,8 @@ _firewall_cmd()
--list-forward-ports|--add-forward-port=*|--remove-forward-port=*|--query-forward-port=*|\
--list-interfaces|--add-interface=*|--remove-interface=*|--query-interface=*|\
--list-sources|--add-source=*|--remove-source=*|--query-source=*|\
+ --add-ingress-zone=*|--remove-ingress-zone=*|\
+ --add-egress-zone=*|--remove-egress-zone=*|\
--add-forward|--remove-forward|--query-forward|\
--add-masquerade|--remove-masquerade|--query-masquerade|--list-all|\
--get-description|--get-short|--set-description=*|--set-short=*)
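Review bot: The two added lines list only the `--add-…` and `--remove-…` forms for ingress and egress zones, while the neighbouring entries in this alternation also carry their `--list-…` and `--query-…=*` forms. OPTIONS_POLICY_ADAPT_QUERY in this same commit defines `--query-ingress-zone=`, `--query-egress-zone=`, `--list-ingress-zones` and `--list-egress-zones`. If the omission is not deliberate, the first line would read `--list-ingress-zones|--add-ingress-zone=*|--remove-ingress-zone=*|--query-ingress-zone=*|\`, and likewise for egress. The body of this arm is outside the hunk, so what is offered after these options cannot be checked from here.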
@@ -222,6 +272,19 @@ _firewall_cmd()
--passthrough|--*-chain|--get-chains|--*-rule|--get-rules|--remove-rules)
COMPREPLY=( $( compgen -W 'ipv4 ipv6 eb' -- "$cur" ) )
;;
+ --add-protocol|--remove-protocol|--query-protocol)
+ COMPREPLY=( $( compgen -W '`getent protocols | cut -d " " -f 1`' -- "$cur" ) )
+ ;;
+ --set-target)
+ if [[ ${words[@]} == *--policy=* ]]; then
+ COMPREPLY=( $( compgen -W 'CONTINUE ACCEPT DROP REJECT' -- "$cur" ) )
+ else
+ COMPREPLY=( $( compgen -W 'default ACCEPT DROP REJECT' -- "$cur" ) )
+ fi
+ ;;
+ --set-log-denied)
+ COMPREPLY=( $( compgen -W 'all unicast broadcast multicast off' -- "$cur" ) )
+ ;;
ipv4|ipv6|eb)
if [[ ${words[@]} == *--passthrough* ]]; then
return 0
@@ -231,11 +294,11 @@ _firewall_cmd()
;;
*)
if [[ "$cur" == -* ]]; then
- if [[ ${words[@]} == *--new-ipset* ]]; then
- COMPREPLY=( $( compgen -W "${OPTIONS_NEW_IPSET}" -- "$cur") )
- else
- COMPREPLY=( $( compgen -W "${OPTIONS_GENERAL}" -- "$cur") )
- fi
+ if [[ ${words[@]} == *--new-ipset* ]]; then
+ COMPREPLY=( $( compgen -W "${OPTIONS_NEW_IPSET}" -- "$cur") )
+ else
+ COMPREPLY=( $( compgen -W "${OPTIONS_GENERAL}" -- "$cur") )
+ fi
fi
;;
esac
--
2.36.1
1 year, 10 months
[PATCH 1/3] docs: minor typo: missing equals after --set-priority
by Olav Reinert
---
doc/xml/firewall-cmd.xml.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in
index 4fbcbc3b..34a30e5e 100644
--- a/doc/xml/firewall-cmd.xml.in
+++ b/doc/xml/firewall-cmd.xml.in
@@ -1062,7 +1062,7 @@
</varlistentry>
<varlistentry>
- <term><option>--permanent</option> <option>--policy</option>=<replaceable>policy</replaceable> <option>--set-priority</option><replaceable>priority</replaceable></term>
+ <term><option>--permanent</option> <option>--policy</option>=<replaceable>policy</replaceable> <option>--set-priority</option>=<replaceable>priority</replaceable></term>
<listitem>
<para>
Set the priority. The priority determines the relative ordering of
--
2.36.1
1 year, 11 months