From 2953cf418a08e825767c172178fe1886644379a3 Mon Sep 17 00:00:00 2001
From: Arseniy Kuznetsov
Date: Mon, 14 Nov 2022 20:35:00 +0100
Subject: [PATCH] optional ipv6 firewall, disabled by default
---
mktxp/_mktxp.conf | 25 +++++++++++++++++
mktxp/cli/config/config.py | 9 ++++---
mktxp/cli/config/mktxp.conf | 7 +++--
mktxp/collector/firewall_collector.py | 2 ++
mktxp/mktxp.conf | 39 +++++++++++++++++++++++++++
5 files changed, 77 insertions(+), 5 deletions(-)
create mode 100644 mktxp/_mktxp.conf
create mode 100644 mktxp/mktxp.conf
diff --git a/mktxp/_mktxp.conf b/mktxp/_mktxp.conf
new file mode 100644
index 0000000..7275688
--- /dev/null
+++ b/mktxp/_mktxp.conf
@@ -0,0 +1,25 @@
+## Copyright (c) 2020 Arseniy Kuznetsov
+##
+## This program is free software; you can redistribute it and/or
+## modify it under the terms of the GNU General Public License
+## as published by the Free Software Foundation; either version 2
+## of the License, or (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+
+[MKTXP]
+ port = 49090
+ socket_timeout = 2
+
+ initial_delay_on_failure = 120
+ max_delay_on_failure = 900
+ delay_inc_div = 5
+
+ bandwidth = True # Turns metrics bandwidth metrics collection on / off
+ bandwidth_test_interval = 420 # Interval for colllecting bandwidth metrics
+
+ verbose_mode = False # Set it on for troubleshooting
diff --git a/mktxp/cli/config/config.py b/mktxp/cli/config/config.py
index 78e2c86..542f6cc 100755
--- a/mktxp/cli/config/config.py
+++ b/mktxp/cli/config/config.py
@@ -42,6 +42,10 @@ class MKTXPConfigKeys: FE_IP_CONNECTIONS_KEY = 'connections' FE_INTERFACE_KEY = 'interface' FE_FIREWALL_KEY = 'firewall' + + FE_IPV6_FIREWALL_KEY = 'ipv6_firewall' + FE_IPV6_NEIGHBOR_KEY = 'ipv6_neighbor' + FE_MONITOR_KEY = 'monitor' FE_ROUTE_KEY = 'route' FE_WIRELESS_KEY = 'wireless' @@ -50,7 +54,6 @@ class MKTXPConfigKeys: FE_CAPSMAN_CLIENTS_KEY = 'capsman_clients' FE_POE_KEY = 'poe' FE_PUBLIC_IP_KEY = 'public_ip' - FE_IPV6_NEIGHBOR_KEY = 'ipv6_neighbor' FE_NETWATCH_KEY = 'netwatch' MKTXP_SOCKET_TIMEOUT = 'socket_timeout' @@ -81,7 +84,7 @@ class MKTXPConfigKeys: DEFAULT_MKTXP_INC_DIV = 5 DEFAULT_MKTXP_BANDWIDTH_TEST_INTERVAL = 420 - BOOLEAN_KEYS_NO = {ENABLED_KEY, SSL_KEY, NO_SSL_CERTIFICATE, SSL_CERTIFICATE_VERIFY, FE_IPV6_NEIGHBOR_KEY} + BOOLEAN_KEYS_NO = {ENABLED_KEY, SSL_KEY, NO_SSL_CERTIFICATE, SSL_CERTIFICATE_VERIFY, FE_IPV6_FIREWALL_KEY, FE_IPV6_NEIGHBOR_KEY} # Feature keys enabled by default BOOLEAN_KEYS_YES = {FE_DHCP_KEY, FE_DHCP_LEASE_KEY, FE_DHCP_POOL_KEY, FE_IP_CONNECTIONS_KEY, FE_INTERFACE_KEY, FE_FIREWALL_KEY, @@ -107,7 +110,7 @@ class ConfigEntry: MKTXPConfigKeys.FE_DHCP_KEY, MKTXPConfigKeys.FE_DHCP_LEASE_KEY, MKTXPConfigKeys.FE_DHCP_POOL_KEY, MKTXPConfigKeys.FE_INTERFACE_KEY, MKTXPConfigKeys.FE_FIREWALL_KEY, MKTXPConfigKeys.FE_MONITOR_KEY, MKTXPConfigKeys.FE_ROUTE_KEY, MKTXPConfigKeys.FE_WIRELESS_KEY, MKTXPConfigKeys.FE_WIRELESS_CLIENTS_KEY, MKTXPConfigKeys.FE_IP_CONNECTIONS_KEY, MKTXPConfigKeys.FE_CAPSMAN_KEY, MKTXPConfigKeys.FE_CAPSMAN_CLIENTS_KEY, MKTXPConfigKeys.FE_POE_KEY, MKTXPConfigKeys.FE_NETWATCH_KEY, MKTXPConfigKeys.MKTXP_USE_COMMENTS_OVER_NAMES, - MKTXPConfigKeys.FE_PUBLIC_IP_KEY, MKTXPConfigKeys.FE_IPV6_NEIGHBOR_KEY + MKTXPConfigKeys.FE_PUBLIC_IP_KEY, MKTXPConfigKeys.FE_IPV6_FIREWALL_KEY, MKTXPConfigKeys.FE_IPV6_NEIGHBOR_KEY ]) MKTXPSystemEntry = namedtuple('MKTXPSystemEntry', [MKTXPConfigKeys.PORT_KEY, MKTXPConfigKeys.MKTXP_SOCKET_TIMEOUT, MKTXPConfigKeys.MKTXP_INITIAL_DELAY, MKTXPConfigKeys.MKTXP_MAX_DELAY, 
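Review bot: The `BOOLEAN_KEYS_NO` line in the `@@ -81,7 +84,7 @@` hunk has no comment saying what membership means, while `BOOLEAN_KEYS_YES` right below it is labelled `# Feature keys enabled by default`. The set now mixes transport-security keys (`SSL_KEY`, `SSL_CERTIFICATE_VERIFY`) with feature toggles such as the new `FE_IPV6_FIREWALL_KEY`, so a reader cannot tell from this line that adding a key here presumably makes it default to off. A parallel comment above it, for example `# Keys disabled by default (must be switched on explicitly in the config)`, would make the opt-in nature of `ipv6_firewall` visible where it is declared. The class body starts and ends outside these hunks.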
diff --git a/mktxp/cli/config/mktxp.conf b/mktxp/cli/config/mktxp.conf index 1f768d6..8119a2d 100644 --- a/mktxp/cli/config/mktxp.conf +++ b/mktxp/cli/config/mktxp.conf @@ -29,11 +29,14 @@ connections = True # IP connections metrics pool = True # Pool metrics interface = True # Interfaces traffic metrics - firewall = True # Firewall rules traffic metrics + + firewall = True # IPv4 Firewall rules traffic metrics + ipv6_firewall = False # IPv6 Firewall rules traffic metrics + ipv6_neighbor = False # Reachable IPv6 Neighbors + monitor = True # Interface monitor metrics poe = True # POE metrics public_ip = True # Public IP metrics - ipv6_neighbor = False # Reachable IPv6 Neighbors route = True # Routes metrics wireless = True # WLAN general metrics wireless_clients = True # WLAN clients metrics diff --git a/mktxp/collector/firewall_collector.py b/mktxp/collector/firewall_collector.py index 6d9951f..e79755c 100644 --- a/mktxp/collector/firewall_collector.py +++ b/mktxp/collector/firewall_collector.py @@ -43,6 +43,8 @@ class FirewallCollector(BaseCollector): yield firewall_raw_metrics # ~*~*~*~*~*~ IPv6 ~*~*~*~*~*~ + if not router_entry.config_entry.ipv6_firewall: + return firewall_filter_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv6(router_entry, metric_labels = firewall_labels) if firewall_filter_records_ipv6: metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records_ipv6] diff --git a/mktxp/mktxp.conf b/mktxp/mktxp.conf new file mode 100644 index 0000000..6b8e7a1 --- /dev/null +++ b/mktxp/mktxp.conf 
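Review bot: The new guard `if not router_entry.config_entry.ipv6_firewall: return` in `firewall_collector.py` is only reached after the IPv4 section has run, so the IPv6 switch is not independent of the IPv4 one. If the method opens with a guard on `config_entry.firewall` (that part is outside the hunk), then `ipv6_firewall = True` with `firewall = False` silently collects nothing, although the config template in this same commit describes the two keys as separate IPv4 and IPv6 switches. Either gate each section on its own key, or document the dependency next to `ipv6_firewall` in `mktxp/cli/config/mktxp.conf`. The bare `return` also makes anything later appended to this generator unreachable when IPv6 is off; wrapping the IPv6 section in `if router_entry.config_entry.ipv6_firewall:` avoids that. The method starts and ends outside the hunk.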
@@ -0,0 +1,39 @@
+## Copyright (c) 2020 Arseniy Kuznetsov
+##
+## This program is free software; you can redistribute it and/or
+## modify it under the terms of the GNU General Public License
+## as published by the Free Software Foundation; either version 2
+## of the License, or (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+
+[Sample-Router]
+ interface = True
+ wireless = True
+ connections = True
+ netwatch = True
+ wireless_clients = True
+ poe = True
+ public_ip = True
+ dhcp_lease = True
+ capsman_clients = True
+ use_comments_over_names = True
+ capsman = True
+ monitor = True
+ dhcp = True
+ firewall = True
+ pool = True
+ enabled = False
+ ssl_certificate_verify = False
+ no_ssl_certificate = False
+ use_ssl = False
+ route = True
+ ipv6_neighbor = False
+ hostname = localhost
+ username = username
+ password = password
+ port = 8728
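Review bot: The `[Sample-Router]` section lists `ipv6_neighbor` but not the `ipv6_firewall` key this commit introduces, so the new file is already out of step with `mktxp/cli/config/mktxp.conf`; add `ipv6_firewall = False` if the file is meant to ship. The section also pairs `use_ssl = False` and `ssl_certificate_verify = False` with `port = 8728`, the plain-text RouterOS API port, and with literal `username`/`password` values. Nothing in the file tells a user who copies the section and sets `enabled = True` that the credentials would then cross the network unencrypted. A short comment beside those keys, such as `# use_ssl = True with ssl_certificate_verify = True is recommended for any non-local router`, would make the safer setting discoverable, and noting that the credentials are placeholders to be replaced would avoid them being mistaken for working defaults.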