search

ndejong / pfsense_fauxapi

REST based API interface for pfSense 2.3.x and 2.4.x to facilitate devops
Apache License 2.0
354 stars 61 forks source link

Edit which pfctl command the rule_get call does #13

Closed buttersausage closed 6 years ago

buttersausage commented 7 years ago

Hi there! First things first, awesome work on this one!

I would like to know if I can get the equivalent of the pfctl -vvs rules command from the faux_api call, but the call does pfctl -sr -vv instead. Is there any way I can amend this to use the option I need?

Need this because the -vvs gives a nice list with the rule number included, while -sr -vv does not. I need this so I am able to parse the rules according to its rule number in a single call. Any help would be appreciated

buttersausage commented 7 years ago

Upon further testing, it seems that the rule number is in the command itself, but is not returned in the curl output.

@334(0) anchor "tftp-proxy/*" all
  [ Evaluations: 7112201   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 3540 State Creations: 0     ]
@335(0) anchor "miniupnpd" all
  [ Evaluations: 7112453   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 3540 State Creations: 0     ]

vs

      {
        "rule": "anchor \"tftp-proxy/*\" all",
        "evaluations": "7010222",
        "packets": "0",
        "bytes": "0",
        "states": "0",
        "inserted": "3540",
        "statecreations": "0"
      },
      {
        "rule": "anchor \"miniupnpd\" all",
        "evaluations": "7010467",
        "packets": "0",
        "bytes": "0",
        "states": "0",
        "inserted": "3540",
        "statecreations": "0"
      }
ndejong commented 7 years ago

Interesting - i recall writing this statement feeling i was not getting the source-of-truth pf rule numbers correctly - i suspect i'll adjust this to return the real pf rule-number - will need to look at this closer when i have a little more time over the weekend - N

On 13 Sep 2017, at 22:40, itsmeh notifications@github.com wrote:

I need to get the equivalent of the pfctl -vvs rules command from the faux_api call, but the call does pfctl -sr -vv instead. Is there any way I can amend this to use the option I need?

Need this because the -vvs gives a nice list with the rule number included, while -sr -vv does not. Any help would be appreciated

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ndejong/pfsense_fauxapi/issues/13, or mute the thread https://github.com/notifications/unsubscribe-auth/AAM2KmVK75MTT4fQat0pK2I7M82LNzhZks5sh81FgaJpZM4PWC4m .

ndejong commented 7 years ago

I've taken a look at the code behind this and can confirm that fauxapi is correctly parsing the pf-source-of-truth rule number, it might be entirely obvious because the array index number is the rule number

Right now, this means for you to obtain the rule number you will need to adjust your code to discover the array index number in your code.

I'll improve this in the next release to include a rule_number attribute that explicitly names the rule number to avoid any doubt.

I'll be adjusting the statecreations attribute to be more correct as well with state_creations instead

ndejong commented 6 years ago

Following up on this

New release (1.3) is due shortly and will add a number (as in rule number) attribute and changes statecreations to the slightly more correct state_creations

Closing