File: //opt/cpguard/app/scripts/fw_list.sh
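#!/bin/bash
#
# fw_list.sh - print the nftables ruleset with long set element lists shortened.
#
# Runs `nft list ruleset` and filters it through awk. Everything is passed
# through unchanged except the `elements = { ... }` statement of named sets:
#   * up to 50 entries: the statement is printed as nft wrote it, followed by
#     a "# Total: N entries" note;
#   * more than 50 entries: only the first 20 entries are printed, one per
#     line, followed by "# +N entries..." and "# Total: N entries" notes.
#
# Expected input shape (as printed by nft): the entries start on the same
# line as `elements = {`, wrap onto indented continuation lines, and the
# closing brace sits at the end of the last entry line.
#
# Caveats for anyone reading the output:
#   * It is a display aid. The abbreviated form hides entries, so it is not a
#     complete record of what the firewall enforces and cannot be fed back to
#     nft; use `nft list ruleset` directly for audits or backups.
#   * Entries are counted by splitting on commas; a comma inside a quoted
#     element comment is counted as a separator.
#   * Only `set` blocks are summarised; maps and anonymous sets inside rules
#     are printed as-is.
#   * The notes are wrapped in ANSI colour sequences unconditionally.
#
# Exit status: non-zero when nft (or awk) fails, so that an nft error such as
# missing privileges is not mistaken for an empty ruleset.
set -o pipefail

nft list ruleset | awk '
# Strip leading and trailing whitespace from s.
function trim(s) {
  sub(/^[[:space:]]+/, "", s)
  sub(/[[:space:]]+$/, "", s)
  return s
}

# Reset the per-statement state; indent is the whitespace in front of the
# "elements" keyword and is reused for everything we print ourselves.
function begin_elements(indent) {
  elem_indent = indent
  element_count = 0
  shown = 0
  raw_elements = ""
  preview = ""
  in_elements = 1
}

# Count the comma-separated entries in text and remember the first PREVIEW of
# them, already laid out one per line.
function add_items(text,    parts, n, i, item) {
  n = split(text, parts, ",")
  for (i = 1; i <= n; i++) {
    item = trim(parts[i])
    if (item == "") continue
    element_count++
    if (shown < PREVIEW) {
      preview = preview (shown > 0 ? ",\n" : "") elem_indent "\t" item
      shown++
    }
  }
}

# Consume one line of an elements statement. first is 1 for the line that
# carries the "elements = {" prefix. A line ending in a closing brace ends the
# statement and triggers the summary.
function take_line(line, first,    text) {
  # The verbatim text is only needed while the set may still be printed in
  # full, so stop accumulating it once the limit has been passed.
  if (element_count <= MAX_FULL) raw_elements = raw_elements line "\n"

  text = line
  if (first) sub(/^[^{]*[{]/, "", text)

  if (text ~ /[}][[:space:]]*$/) {
    sub(/[}][[:space:]]*$/, "", text)
    add_items(text)
    finish_elements()
  } else {
    add_items(text)
  }
}

# Print the collected elements statement, either verbatim or abbreviated,
# followed by the entry-count note.
function finish_elements(    note_indent) {
  note_indent = elem_indent "\t "
  if (element_count <= MAX_FULL) {
    printf "%s", raw_elements
  } else {
    printf "%selements = {\n%s", elem_indent, preview
    printf ",\n%s\033[36m# +%d entries...\033[0m\n", note_indent, element_count - shown
    printf "%s}\n", elem_indent
  }
  if (element_count > 0) {
    printf "%s\033[33m# Total: %d entries\033[0m\n", note_indent, element_count
  }
  in_elements = 0
}

BEGIN {
  MAX_FULL = 50   # sets up to this size are printed in full
  PREVIEW = 20    # entries shown for larger sets
  in_set = 0
  in_elements = 0
}

# Continuation line of an elements statement.
in_elements && /^[[:space:]]/ {
  take_line($0, 0)
  next
}

# A non-indented line arrived before the closing brace was seen: emit what was
# collected so nothing is lost, then handle the line normally below.
in_elements {
  finish_elements()
}

# Start of a named set.
/^[[:space:]]+set / {
  in_set = 1
  print
  next
}

# The elements statement of the current set; entries begin on this line.
in_set && $1 == "elements" {
  match($0, /^[[:space:]]*/)
  begin_elements(substr($0, 1, RLENGTH))
  take_line($0, 1)
  next
}

# Closing brace of the current set.
in_set && /^[[:space:]]+[}][[:space:]]*$/ {
  in_set = 0
  print
  next
}

# Blank or non-indented lines (table headers, table closing braces) can never
# be part of a set body.
!/^[[:space:]]/ {
  in_set = 0
}

# Everything else is passed through untouched.
{ print }

END {
  if (in_elements) finish_elements()
}
'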