From 2939e53a61d15f9a439ad1c17fe94c8698e11730 Mon Sep 17 00:00:00 2001
From: Sonia Sharma
Date: Wed, 15 Feb 2023 01:13:00 -0800
Subject: [PATCH] firewall: Add FreeBSD firewall
---
 lisa/tools/firewall.py | 51 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/lisa/tools/firewall.py b/lisa/tools/firewall.py
index 3c2329523b..0515a7ce81 100644
--- a/lisa/tools/firewall.py
+++ b/lisa/tools/firewall.py
@@ -1,8 +1,10 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT license.
+import re
 from lisa.base_tools import Service
 from lisa.executable import Tool
+from lisa.tools import Sed
 class Firewall(Tool):
@@ -35,6 +37,11 @@ def stop(self) -> None:
 iptables = self.node.tools[Iptables]
 iptables.stop()
 return
+ cmd_result = self.node.execute("command -v ipf", shell=True)
+ if 0 == cmd_result.exit_code:
+ ipf = self.node.tools[Ipf]
+ ipf.stop()
+ return
 class Ufw(Tool):
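Review bot: The `command -v ipf` probe added at the end of `stop()` only shows that the binary is on the PATH, not that IPFilter is the packet filter actually in use on the node. `ipf` is, as far as I know, shipped in the FreeBSD base system, so this branch would be taken on every FreeBSD host and return even when pf or ipfw is the active filter, leaving that filter running while the caller assumes the firewall is stopped. A comment stating the limit would help the next reader, for example `# ipf on PATH does not prove ipfilter is active; pf and ipfw are not handled here`. `stop()` begins above the hunk, so the earlier branches are not visible from here.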
@@ -149,3 +156,47 @@ def can_install(self) -> bool:
 def stop(self) -> None:
 service = self.node.tools[Service]
 service.stop_service("firewalld")
+
+
+class Ipf(Tool):
+ _ipf_enable_pattern = re.compile(
+ r"(?Pipfilter_enable=):*(?P.*)$", re.MULTILINE
+ )
+
+ @property
+ def command(self) -> str:
+ return "ipf"
+
+ @property
+ def can_install(self) -> bool:
+ return False
+
+ def stop(self) -> None:
+ cmd_result = self.run("cat /etc/rc.conf", shell=True, sudo=True, force_run=True)
+ ipf_enable_found = re.search(self._ipf_enable_pattern, cmd_result.stdout)
+ if ipf_enable_found:
+ self.run(
+ "sed '/ipfilter_enable/s/YES/NO/g' /etc/rc.conf",
+ shell=True,
+ sudo=True,
+ force_run=True,
+ )
+
+ def start(self) -> None:
+ cmd_result = self.run("cat /etc/rc.conf", shell=True, sudo=True, force_run=True)
+ ipf_enable_found = re.search(self._ipf_enable_pattern, cmd_result.stdout)
+ if ipf_enable_found:
+ self.node.tools[Sed].substitute(
+ regexp="NO",
+ replacement="YES",
+ file="/etc/rc.conf",
+ match_lines="ipfilter_enable"
+ sudo=True,
+ )
+ else:
+ self.run(
+ 'echo "ipf_enable="YES"" | sudo tee -a /etc/rc.conf >/dev/null',
+ shell=True,
+ sudo=True,
+ force_run=True,
+ )
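Review bot: `Ipf.start()` does not parse, because `match_lines="ipfilter_enable"` in the `Sed.substitute(...)` call has no comma before `sudo=True`; importing `firewall.py` would raise a SyntaxError and take every firewall tool in the module down with it. Two more defects in the class leave the node's filter state different from what the caller expects: `stop()` runs `sed` without in-place editing, so `/etc/rc.conf` is printed but never changed, and the `else` branch of `start()` appends `ipf_enable` while the pattern and both `sed` expressions use `ipfilter_enable`, so the filter would not come back at boot. Both methods touch only the boot-time setting in `rc.conf` and never the running filter, which the class should say in a docstring if that is intended. The fence routes `stop()` through the `Sed` tool the way `start()` already does and shows the two corrected lines in `start()`; whether `Sed.substitute` edits in place correctly with FreeBSD's sed is not visible here and should be confirmed.

```python
    def stop(self) -> None:
        # … unchanged: read /etc/rc.conf and search for ipfilter_enable …
        if ipf_enable_found:
            # Edit rc.conf in place; plain `sed` without -i only prints the result.
            self.node.tools[Sed].substitute(
                regexp="YES",
                replacement="NO",
                file="/etc/rc.conf",
                match_lines="ipfilter_enable",
                sudo=True,
            )

    def start(self) -> None:
        # … unchanged: read /etc/rc.conf, search, regexp/replacement/file arguments …
                match_lines="ipfilter_enable",
                sudo=True,
        # … unchanged: closing paren, else branch opening self.run( …
                "echo 'ipfilter_enable=\"YES\"' | sudo tee -a /etc/rc.conf >/dev/null",
        # … unchanged: shell, sudo, force_run arguments …
```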