From patchwork Fri May 20 14:35:36 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
X-Patchwork-Id: 12913
X-Patchwork-Delegate: thomas@monjalon.net
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [IPv6:::1])
	by dpdk.org (Postfix) with ESMTP id 1A900B44F;
	Fri, 20 May 2016 16:35:13 +0200 (CEST)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
	by dpdk.org (Postfix) with ESMTP id 55C1FB449
	for <dev@dpdk.org>; Fri, 20 May 2016 16:35:10 +0200 (CEST)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by fmsmga102.fm.intel.com with ESMTP; 20 May 2016 07:35:09 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.26,339,1459839600"; d="scan'208";a="971173539"
Received: from gklab-246-018.igk.intel.com (HELO stargo) ([10.217.246.18])
	by fmsmga001.fm.intel.com with SMTP; 20 May 2016 07:35:06 -0700
Received: by stargo (sSMTP sendmail emulation);
	Fri, 20 May 2016 16:38:26 +0200
From: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
To: dev@dpdk.org
Cc: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>,
	Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Date: Fri, 20 May 2016 16:35:36 +0200
Message-Id: <1463754940-8114-4-git-send-email-piotrx.t.azarewicz@intel.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1463754940-8114-1-git-send-email-piotrx.t.azarewicz@intel.com>
References: <1462550250-1256-1-git-send-email-michalx.k.jastrzebski@intel.com>
	<1463754940-8114-1-git-send-email-piotrx.t.azarewicz@intel.com>
Subject: [dpdk-dev] [PATCH v2 3/7] examples/ip_pipeline: modifies firewall
	pipeline CLI
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Each command are merged into one: cmd_firewall_parsed.
ADD command format is changed:
p <pipeline ID> firewall add priority <priority> ipv4 <sipaddr>
<sipdepth> <dipaddr> <dipdepth> <sport0> <sport1> <dport0> <dport1>
<proto> <protomask> port <port ID>

and bulk command was modified:
1. firewall add bulk
File line format:
priority <priority> ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>
<sport0> <sport1> <dport0> <dport1> <proto> <protomask> port <port ID>
(protomask is a hex value)
File line example:
priority 0 ipv4 1.2.3.0 24 10.20.30.40 32 0 63 64 127 6 0xF port 3

2. firewall del bulk
File line format:
ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth> <sport0> <sport1>
<dport0> <dport1> <proto> <protomask>
File line example:
ipv4 1.2.3.0 24 10.20.30.40 32 0 63 64 127 6 0xF

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
---
 examples/ip_pipeline/config/firewall.cfg          |   68 +
 examples/ip_pipeline/config/firewall.sh           |   13 +
 examples/ip_pipeline/config/firewall.txt          |    9 +
 examples/ip_pipeline/pipeline/pipeline_firewall.c | 1461 ++++++++-------------
 examples/ip_pipeline/pipeline/pipeline_firewall.h |   12 +
 5 files changed, 622 insertions(+), 941 deletions(-)
 create mode 100644 examples/ip_pipeline/config/firewall.cfg
 create mode 100644 examples/ip_pipeline/config/firewall.sh
 create mode 100644 examples/ip_pipeline/config/firewall.txt

diff --git a/examples/ip_pipeline/config/firewall.cfg b/examples/ip_pipeline/config/firewall.cfg
new file mode 100644
index 0000000..2f5dd9f
--- /dev/null
+++ b/examples/ip_pipeline/config/firewall.cfg
@@ -0,0 +1,68 @@
+;   BSD LICENSE
+;
+;   Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
+;   All rights reserved.
+;
+;   Redistribution and use in source and binary forms, with or without
+;   modification, are permitted provided that the following conditions
+;   are met:
+;
+;     * Redistributions of source code must retain the above copyright
+;       notice, this list of conditions and the following disclaimer.
+;     * Redistributions in binary form must reproduce the above copyright
+;       notice, this list of conditions and the following disclaimer in
+;       the documentation and/or other materials provided with the
+;       distribution.
+;     * Neither the name of Intel Corporation nor the names of its
+;       contributors may be used to endorse or promote products derived
+;       from this software without specific prior written permission.
+;
+;   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+;   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+;   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+;   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+;   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+;   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+;   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+;   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+;   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+;   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+;   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+;             _______________
+; RXQ0.0 --->|               |---> TXQ0.0
+;            |               |
+; RXQ1.0 --->|               |---> TXQ1.0
+;            |   Firewall    |
+; RXQ2.0 --->|               |---> TXQ2.0
+;            |               |
+; RXQ3.0 --->|               |---> TXQ3.0
+;            |_______________|
+;                    |
+;                    +-----------> SINK0 (default rule)
+;
+; Input packet: Ethernet/IPv4
+;
+; Packet buffer layout:
+; #	Field Name		Offset (Bytes)	Size (Bytes)
+; 0	Mbuf			0 		128
+; 1	Headroom		128 		128
+; 2	Ethernet header		256 		14
+; 3	IPv4 header		270 		20
+
+[EAL]
+log_level = 0
+
+[PIPELINE0]
+type = MASTER
+core = 0
+
+[PIPELINE1]
+type = FIREWALL
+core = 1
+pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0
+pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0 SINK0
+n_rules = 4096
+pkt_type = ipv4
+;pkt_type = vlan_ipv4
+;pkt_type = qinq_ipv4
diff --git a/examples/ip_pipeline/config/firewall.sh b/examples/ip_pipeline/config/firewall.sh
new file mode 100644
index 0000000..c83857e
--- /dev/null
+++ b/examples/ip_pipeline/config/firewall.sh
@@ -0,0 +1,13 @@
+#
+# run ./config/firewall.sh
+#
+
+p 1 firewall add default 4 #SINK0
+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.0.0.0 10 0 65535 0 65535 6 0xF port 0
+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.64.0.0 10 0 65535 0 65535 6 0xF port 1
+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.128.0.0 10 0 65535 0 65535 6 0xF port 2
+p 1 firewall add priority 1 ipv4 0.0.0.0 0 100.192.0.0 10 0 65535 0 65535 6 0xF port 3
+
+#p 1 firewall add bulk ./config/firewall.txt
+
+p 1 firewall ls
diff --git a/examples/ip_pipeline/config/firewall.txt b/examples/ip_pipeline/config/firewall.txt
new file mode 100644
index 0000000..54cfffd
--- /dev/null
+++ b/examples/ip_pipeline/config/firewall.txt
@@ -0,0 +1,9 @@
+#
+# p <pipelineid> firewall add bulk ./config/firewall.txt
+# p <pipelineid> firewall del bulk ./config/firewall.txt
+#
+
+priority 1 ipv4 0.0.0.0 0 100.0.0.0 10 0 65535 0 65535 6 0xF port 0
+priority 1 ipv4 0.0.0.0 0 100.64.0.0 10 0 65535 0 65535 6 0xF port 1
+priority 1 ipv4 0.0.0.0 0 100.128.0.0 10 0 65535 0 65535 6 0xF port 2
+priority 1 ipv4 0.0.0.0 0 100.192.0.0 10 0 65535 0 65535 6 0xF port 3
diff --git a/examples/ip_pipeline/pipeline/pipeline_firewall.c b/examples/ip_pipeline/pipeline/pipeline_firewall.c
index fd897d5..30b22a1 100644
--- a/examples/ip_pipeline/pipeline/pipeline_firewall.c
+++ b/examples/ip_pipeline/pipeline/pipeline_firewall.c
@@ -30,9 +30,11 @@
  *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
+#include <errno.h>
 #include <stdio.h>
 #include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
 #include <sys/queue.h>
 #include <netinet/in.h>
 
@@ -43,15 +45,11 @@
 #include <cmdline_parse.h>
 #include <cmdline_parse_num.h>
 #include <cmdline_parse_string.h>
-#include <cmdline_parse_ipaddr.h>
-#include <cmdline_parse_etheraddr.h>
-#include <cmdline_socket.h>
 
 #include "app.h"
 #include "pipeline_common_fe.h"
 #include "pipeline_firewall.h"
-
-#define BUF_SIZE		1024
+#include "parser.h"
 
 struct app_pipeline_firewall_rule {
 	struct pipeline_firewall_key key;
@@ -75,18 +73,6 @@ struct app_pipeline_firewall {
 	void *default_rule_entry_ptr;
 };
 
-struct app_pipeline_add_bulk_params {
-	struct pipeline_firewall_key *keys;
-	uint32_t n_keys;
-	uint32_t *priorities;
-	uint32_t *port_ids;
-};
-
-struct app_pipeline_del_bulk_params {
-	struct pipeline_firewall_key *keys;
-	uint32_t n_keys;
-};
-
 static void
 print_firewall_ipv4_rule(struct app_pipeline_firewall_rule *rule)
 {
@@ -272,356 +258,118 @@ app_pipeline_firewall_key_check_and_normalize(struct pipeline_firewall_key *key)
 	}
 }
 
-static int
-app_pipeline_add_bulk_parse_file(char *filename,
-		struct app_pipeline_add_bulk_params *params)
+int
+app_pipeline_firewall_load_file(char *filename,
+	struct pipeline_firewall_key *keys,
+	uint32_t *priorities,
+	uint32_t *port_ids,
+	uint32_t *n_keys,
+	uint32_t *line)
 {
-	FILE *f;
-	char file_buf[BUF_SIZE];
-	uint32_t i;
-	int status = 0;
+	FILE *f = NULL;
+	char file_buf[1024];
+	uint32_t i, l;
 
-	f = fopen(filename, "r");
-	if (f == NULL)
+	/* Check input arguments */
+	if ((filename == NULL) ||
+		(keys == NULL) ||
+		(priorities == NULL) ||
+		(port_ids == NULL) ||
+		(n_keys == NULL) ||
+		(*n_keys == 0) ||
+		(line == NULL)) {
+		if (line)
+			*line = 0;
 		return -1;
-
-	params->n_keys = 0;
-	while (fgets(file_buf, BUF_SIZE, f) != NULL)
-		params->n_keys++;
-	rewind(f);
-
-	if (params->n_keys == 0) {
-		status = -1;
-		goto end;
-	}
-
-	params->keys = rte_malloc(NULL,
-			params->n_keys * sizeof(struct pipeline_firewall_key),
-			RTE_CACHE_LINE_SIZE);
-	if (params->keys == NULL) {
-		status = -1;
-		goto end;
-	}
-
-	params->priorities = rte_malloc(NULL,
-			params->n_keys * sizeof(uint32_t),
-			RTE_CACHE_LINE_SIZE);
-	if (params->priorities == NULL) {
-		status = -1;
-		goto end;
-	}
-
-	params->port_ids = rte_malloc(NULL,
-			params->n_keys * sizeof(uint32_t),
-			RTE_CACHE_LINE_SIZE);
-	if (params->port_ids == NULL) {
-		status = -1;
-		goto end;
-	}
-
-	i = 0;
-	while (fgets(file_buf, BUF_SIZE, f) != NULL) {
-		char *str;
-
-		str = strtok(file_buf, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->priorities[i] = atoi(str);
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
 		}
-		params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.proto = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		/* Need to add 2 to str to skip leading 0x */
-		params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->port_ids[i] = atoi(str);
-		params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
-
-		i++;
-	}
-
-end:
-	fclose(f);
-	return status;
-}
-
-static int
-app_pipeline_del_bulk_parse_file(char *filename,
-		struct app_pipeline_del_bulk_params *params)
-{
-	FILE *f;
-	char file_buf[BUF_SIZE];
-	uint32_t i;
-	int status = 0;
 
+	/* Open input file */
 	f = fopen(filename, "r");
-	if (f == NULL)
+	if (f == NULL) {
+		*line = 0;
 		return -1;
-
-	params->n_keys = 0;
-	while (fgets(file_buf, BUF_SIZE, f) != NULL)
-		params->n_keys++;
-	rewind(f);
-
-	if (params->n_keys == 0) {
-		status = -1;
-		goto end;
-	}
-
-	params->keys = rte_malloc(NULL,
-			params->n_keys * sizeof(struct pipeline_firewall_key),
-			RTE_CACHE_LINE_SIZE);
-	if (params->keys == NULL) {
-		status = -1;
-		goto end;
 	}
 
-	i = 0;
-	while (fgets(file_buf, BUF_SIZE, f) != NULL) {
-		char *str;
-
-		str = strtok(file_buf, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip = atoi(str)<<24;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<16;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str)<<8;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip |= atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_ip_mask = atoi(str);
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip = atoi(str)<<24;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<16;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str)<<8;
-
-		str = strtok(NULL, " .");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip |= atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_ip_mask = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_port_from = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.src_port_to = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_port_from = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.dst_port_to = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		params->keys[i].key.ipv4_5tuple.proto = atoi(str);
-
-		str = strtok(NULL, " ");
-		if (str == NULL) {
-			status = -1;
-			goto end;
-		}
-		/* Need to add 2 to str to skip leading 0x */
-		params->keys[i].key.ipv4_5tuple.proto_mask = strtol(str+2, NULL, 16);
-
-		params->keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+	/* Read file */
+	for (i = 0, l = 1; i < *n_keys; l++) {
+		char *tokens[32];
+		uint32_t n_tokens = RTE_DIM(tokens);
+
+		uint32_t priority = 0;
+		struct in_addr sipaddr;
+		uint32_t sipdepth = 0;
+		struct in_addr dipaddr;
+		uint32_t dipdepth = 0;
+		uint16_t sport0 = 0;
+		uint16_t sport1 = 0;
+		uint16_t dport0 = 0;
+		uint16_t dport1 = 0;
+		uint8_t proto = 0;
+		uint8_t protomask = 0;
+		uint32_t port_id = 0;
+
+		int status;
+
+		if (fgets(file_buf, sizeof(file_buf), f) == NULL)
+			break;
+
+		status = parse_tokenize_string(file_buf, tokens, &n_tokens);
+		if (status)
+			goto error1;
+
+		if ((n_tokens == 0) || (tokens[0][0] == '#'))
+			continue;
+
+		if ((n_tokens != 15) ||
+			strcmp(tokens[0], "priority") ||
+			parser_read_uint32(&priority, tokens[1]) ||
+			strcmp(tokens[2], "ipv4") ||
+			parse_ipv4_addr(tokens[3], &sipaddr) ||
+			parser_read_uint32(&sipdepth, tokens[4]) ||
+			parse_ipv4_addr(tokens[5], &dipaddr) ||
+			parser_read_uint32(&dipdepth, tokens[6]) ||
+			parser_read_uint16(&sport0, tokens[7]) ||
+			parser_read_uint16(&sport1, tokens[8]) ||
+			parser_read_uint16(&dport0, tokens[9]) ||
+			parser_read_uint16(&dport1, tokens[10]) ||
+			parser_read_uint8(&proto, tokens[11]) ||
+			parser_read_uint8_hex(&protomask, tokens[12]) ||
+			strcmp(tokens[13], "port") ||
+			parser_read_uint32(&port_id, tokens[14]))
+			goto error1;
+
+		keys[i].type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+		keys[i].key.ipv4_5tuple.src_ip =
+			rte_be_to_cpu_32(sipaddr.s_addr);
+		keys[i].key.ipv4_5tuple.src_ip_mask = sipdepth;
+		keys[i].key.ipv4_5tuple.dst_ip =
+			rte_be_to_cpu_32(dipaddr.s_addr);
+		keys[i].key.ipv4_5tuple.dst_ip_mask = dipdepth;
+		keys[i].key.ipv4_5tuple.src_port_from = sport0;
+		keys[i].key.ipv4_5tuple.src_port_to = sport1;
+		keys[i].key.ipv4_5tuple.dst_port_from = dport0;
+		keys[i].key.ipv4_5tuple.dst_port_to = dport1;
+		keys[i].key.ipv4_5tuple.proto = proto;
+		keys[i].key.ipv4_5tuple.proto_mask = protomask;
+
+		port_ids[i] = port_id;
+		priorities[i] = priority;
+
+		if (app_pipeline_firewall_key_check_and_normalize(&keys[i]))
+			goto error1;
 
 		i++;
 	}
 
-	for (i = 0; i < params->n_keys; i++) {
-		if (app_pipeline_firewall_key_check_and_normalize(&params->keys[i]) != 0) {
-			status = -1;
-			goto end;
-		}
-	}
+	/* Close file */
+	*n_keys = i;
+	fclose(f);
+	return 0;
 
-end:
+error1:
+	*line = l;
 	fclose(f);
-	return status;
+	return -1;
 }
 
 int
@@ -804,14 +552,14 @@ app_pipeline_firewall_add_bulk(struct app_params *app,
 		return -1;
 
 	rules = rte_malloc(NULL,
-			n_keys * sizeof(struct app_pipeline_firewall_rule *),
-			RTE_CACHE_LINE_SIZE);
+		n_keys * sizeof(struct app_pipeline_firewall_rule *),
+		RTE_CACHE_LINE_SIZE);
 	if (rules == NULL)
 		return -1;
 
 	new_rules = rte_malloc(NULL,
-			n_keys * sizeof(int),
-			RTE_CACHE_LINE_SIZE);
+		n_keys * sizeof(int),
+		RTE_CACHE_LINE_SIZE);
 	if (new_rules == NULL) {
 		rte_free(rules);
 		return -1;
@@ -834,8 +582,9 @@ app_pipeline_firewall_add_bulk(struct app_params *app,
 		rules[i] = app_pipeline_firewall_rule_find(p, &keys[i]);
 		new_rules[i] = (rules[i] == NULL);
 		if (rules[i] == NULL) {
-			rules[i] = rte_malloc(NULL, sizeof(*rules[i]),
-					RTE_CACHE_LINE_SIZE);
+			rules[i] = rte_malloc(NULL,
+				sizeof(*rules[i]),
+				RTE_CACHE_LINE_SIZE);
 
 			if (rules[i] == NULL) {
 				uint32_t j;
@@ -852,8 +601,8 @@ app_pipeline_firewall_add_bulk(struct app_params *app,
 	}
 
 	keys_found = rte_malloc(NULL,
-			n_keys * sizeof(int),
-			RTE_CACHE_LINE_SIZE);
+		n_keys * sizeof(int),
+		RTE_CACHE_LINE_SIZE);
 	if (keys_found == NULL) {
 		uint32_t j;
 
@@ -867,8 +616,8 @@ app_pipeline_firewall_add_bulk(struct app_params *app,
 	}
 
 	entries_ptr = rte_malloc(NULL,
-			n_keys * sizeof(struct rte_pipeline_table_entry *),
-			RTE_CACHE_LINE_SIZE);
+		n_keys * sizeof(struct rte_pipeline_table_entry *),
+		RTE_CACHE_LINE_SIZE);
 	if (entries_ptr == NULL) {
 		uint32_t j;
 
@@ -883,8 +632,8 @@ app_pipeline_firewall_add_bulk(struct app_params *app,
 	}
 	for (i = 0; i < n_keys; i++) {
 		entries_ptr[i] = rte_malloc(NULL,
-				sizeof(struct rte_pipeline_table_entry),
-				RTE_CACHE_LINE_SIZE);
+			sizeof(struct rte_pipeline_table_entry),
+			RTE_CACHE_LINE_SIZE);
 
 		if (entries_ptr[i] == NULL) {
 			uint32_t j;
@@ -1030,8 +779,8 @@ app_pipeline_firewall_delete_bulk(struct app_params *app,
 		return -1;
 
 	rules = rte_malloc(NULL,
-			n_keys * sizeof(struct app_pipeline_firewall_rule *),
-			RTE_CACHE_LINE_SIZE);
+		n_keys * sizeof(struct app_pipeline_firewall_rule *),
+		RTE_CACHE_LINE_SIZE);
 	if (rules == NULL)
 		return -1;
 
@@ -1044,8 +793,8 @@ app_pipeline_firewall_delete_bulk(struct app_params *app,
 	}
 
 	keys_found = rte_malloc(NULL,
-			n_keys * sizeof(int),
-			RTE_CACHE_LINE_SIZE);
+		n_keys * sizeof(int),
+		RTE_CACHE_LINE_SIZE);
 	if (keys_found == NULL) {
 		rte_free(rules);
 		return -1;
@@ -1197,662 +946,492 @@ app_pipeline_firewall_delete_default_rule(struct app_params *app,
 }
 
 /*
- * p firewall add ipv4
+ * firewall
+ *
+ * firewall add:
+ *    p <pipelineid> firewall add priority <priority>
+ *       ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>
+ *       <sport0> <sport1> <dport0> <dport1> <proto> <protomask>
+ *       port <portid>
+ *       Note: <protomask> is a hex value
+ *
+ *    p <pipelineid> firewall add bulk <file>
+ *
+ * firewall add default:
+ *    p <pipelineid> firewall add default <port ID>
+ *
+ * firewall del:
+ *    p <pipelineid> firewall del
+ *       ipv4 <sipaddr> <sipdepth> <dipaddr> <dipdepth>
+ *       <sport0> <sport1> <dport0> <dport1> <proto> <protomask>
+ *
+ *    p <pipelineid> firewall del bulk <file>
+ *
+ * firewall del default:
+ *    p <pipelineid> firewall del default
+ *
+ * firewall ls:
+ *    p <pipelineid> firewall ls
  */
 
-struct cmd_firewall_add_ipv4_result {
+struct cmd_firewall_result {
 	cmdline_fixed_string_t p_string;
 	uint32_t pipeline_id;
 	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t add_string;
-	cmdline_fixed_string_t ipv4_string;
-	int32_t priority;
-	cmdline_ipaddr_t src_ip;
-	uint32_t src_ip_mask;
-	cmdline_ipaddr_t dst_ip;
-	uint32_t dst_ip_mask;
-	uint16_t src_port_from;
-	uint16_t src_port_to;
-	uint16_t dst_port_from;
-	uint16_t dst_port_to;
-	uint8_t proto;
-	uint8_t proto_mask;
-	uint8_t port_id;
+	cmdline_multi_string_t multi_string;
 };
 
-static void
-cmd_firewall_add_ipv4_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
+static void cmd_firewall_parsed(void *parsed_result,
+	__attribute__((unused))  struct cmdline *cl,
 	void *data)
 {
-	struct cmd_firewall_add_ipv4_result *params = parsed_result;
+	struct cmd_firewall_result *params = parsed_result;
 	struct app_params *app = data;
-	struct pipeline_firewall_key key;
 	int status;
 
-	key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
-	key.key.ipv4_5tuple.src_ip = rte_bswap32(
-		(uint32_t) params->src_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
-	key.key.ipv4_5tuple.dst_ip = rte_bswap32(
-		(uint32_t) params->dst_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
-	key.key.ipv4_5tuple.src_port_from = params->src_port_from;
-	key.key.ipv4_5tuple.src_port_to = params->src_port_to;
-	key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
-	key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
-	key.key.ipv4_5tuple.proto = params->proto;
-	key.key.ipv4_5tuple.proto_mask = params->proto_mask;
-
-	status = app_pipeline_firewall_add_rule(app,
-		params->pipeline_id,
-		&key,
-		params->priority,
-		params->port_id);
-
-	if (status != 0) {
-		printf("Command failed\n");
-		return;
-	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result, p_string,
-		"p");
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, pipeline_id,
-		UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		add_string, "add");
-
-cmdline_parse_token_string_t cmd_firewall_add_ipv4_ipv4_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		ipv4_string, "ipv4");
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_priority =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, priority,
-		INT32);
-
-cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_src_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip);
+	char *tokens[17];
+	uint32_t n_tokens = RTE_DIM(tokens);
 
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, src_ip_mask,
-		UINT32);
-
-cmdline_parse_token_ipaddr_t cmd_firewall_add_ipv4_dst_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result, dst_ip_mask,
-		UINT32);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		src_port_from, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_src_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		src_port_to, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		dst_port_from, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_dst_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		dst_port_to, UINT16);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		proto, UINT8);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_proto_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		proto_mask, UINT8);
-
-cmdline_parse_token_num_t cmd_firewall_add_ipv4_port_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_ipv4_result,
-		port_id, UINT8);
-
-cmdline_parse_inst_t cmd_firewall_add_ipv4 = {
-	.f = cmd_firewall_add_ipv4_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule add",
-	.tokens = {
-		(void *) &cmd_firewall_add_ipv4_p_string,
-		(void *) &cmd_firewall_add_ipv4_pipeline_id,
-		(void *) &cmd_firewall_add_ipv4_firewall_string,
-		(void *) &cmd_firewall_add_ipv4_add_string,
-		(void *) &cmd_firewall_add_ipv4_ipv4_string,
-		(void *) &cmd_firewall_add_ipv4_priority,
-		(void *) &cmd_firewall_add_ipv4_src_ip,
-		(void *) &cmd_firewall_add_ipv4_src_ip_mask,
-		(void *) &cmd_firewall_add_ipv4_dst_ip,
-		(void *) &cmd_firewall_add_ipv4_dst_ip_mask,
-		(void *) &cmd_firewall_add_ipv4_src_port_from,
-		(void *) &cmd_firewall_add_ipv4_src_port_to,
-		(void *) &cmd_firewall_add_ipv4_dst_port_from,
-		(void *) &cmd_firewall_add_ipv4_dst_port_to,
-		(void *) &cmd_firewall_add_ipv4_proto,
-		(void *) &cmd_firewall_add_ipv4_proto_mask,
-		(void *) &cmd_firewall_add_ipv4_port_id,
-		NULL,
-	},
-};
-
-/*
- * p firewall del ipv4
- */
-
-struct cmd_firewall_del_ipv4_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t del_string;
-	cmdline_fixed_string_t ipv4_string;
-	cmdline_ipaddr_t src_ip;
-	uint32_t src_ip_mask;
-	cmdline_ipaddr_t dst_ip;
-	uint32_t dst_ip_mask;
-	uint16_t src_port_from;
-	uint16_t src_port_to;
-	uint16_t dst_port_from;
-	uint16_t dst_port_to;
-	uint8_t proto;
-	uint8_t proto_mask;
-};
-
-static void
-cmd_firewall_del_ipv4_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_del_ipv4_result *params = parsed_result;
-	struct app_params *app = data;
-	struct pipeline_firewall_key key;
-	int status;
-
-	key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
-	key.key.ipv4_5tuple.src_ip = rte_bswap32(
-		(uint32_t) params->src_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.src_ip_mask = params->src_ip_mask;
-	key.key.ipv4_5tuple.dst_ip = rte_bswap32(
-		(uint32_t) params->dst_ip.addr.ipv4.s_addr);
-	key.key.ipv4_5tuple.dst_ip_mask = params->dst_ip_mask;
-	key.key.ipv4_5tuple.src_port_from = params->src_port_from;
-	key.key.ipv4_5tuple.src_port_to = params->src_port_to;
-	key.key.ipv4_5tuple.dst_port_from = params->dst_port_from;
-	key.key.ipv4_5tuple.dst_port_to = params->dst_port_to;
-	key.key.ipv4_5tuple.proto = params->proto;
-	key.key.ipv4_5tuple.proto_mask = params->proto_mask;
-
-	status = app_pipeline_firewall_delete_rule(app,
-		params->pipeline_id,
-		&key);
-
-	if (status != 0) {
-		printf("Command failed\n");
+	status = parse_tokenize_string(params->multi_string, tokens, &n_tokens);
+	if (status) {
+		printf(CMD_MSG_TOO_MANY_ARGS, "firewall");
 		return;
 	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result, p_string,
-		"p");
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, pipeline_id,
-		UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_del_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		del_string, "del");
 
-cmdline_parse_token_string_t cmd_firewall_del_ipv4_ipv4_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		ipv4_string, "ipv4");
-
-cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_src_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_ip_mask,
-		UINT32);
-
-cmdline_parse_token_ipaddr_t cmd_firewall_del_ipv4_dst_ip =
-	TOKEN_IPV4_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip);
-
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_ip_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, dst_ip_mask,
-		UINT32);
+	/* firewall add */
+	if ((n_tokens >= 2) &&
+		(strcmp(tokens[0], "add") == 0) &&
+		(strcmp(tokens[1], "priority") == 0)) {
+		struct pipeline_firewall_key key;
+		uint32_t priority;
+		struct in_addr sipaddr;
+		uint32_t sipdepth;
+		struct in_addr dipaddr;
+		uint32_t dipdepth;
+		uint16_t sport0;
+		uint16_t sport1;
+		uint16_t dport0;
+		uint16_t dport1;
+		uint8_t proto;
+		uint8_t protomask;
+		uint32_t port_id;
+
+		memset(&key, 0, sizeof(key));
+
+		if (n_tokens != 16) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall add");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		src_port_from, UINT16);
+		if (parser_read_uint32(&priority, tokens[2])) {
+			printf(CMD_MSG_INVALID_ARG, "priority");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_src_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, src_port_to,
-		UINT16);
+		if (strcmp(tokens[3], "ipv4")) {
+			printf(CMD_MSG_ARG_NOT_FOUND, "ipv4");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_from =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		dst_port_from, UINT16);
+		if (parse_ipv4_addr(tokens[4], &sipaddr)) {
+			printf(CMD_MSG_INVALID_ARG, "sipaddr");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_dst_port_to =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		dst_port_to, UINT16);
+		if (parser_read_uint32(&sipdepth, tokens[5])) {
+			printf(CMD_MSG_INVALID_ARG, "sipdepth");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result,
-		proto, UINT8);
+		if (parse_ipv4_addr(tokens[6], &dipaddr)) {
+			printf(CMD_MSG_INVALID_ARG, "dipaddr");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_ipv4_proto_mask =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_ipv4_result, proto_mask,
-		UINT8);
+		if (parser_read_uint32(&dipdepth, tokens[7])) {
+			printf(CMD_MSG_INVALID_ARG, "dipdepth");
+			return;
+		}
 
-cmdline_parse_inst_t cmd_firewall_del_ipv4 = {
-	.f = cmd_firewall_del_ipv4_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule delete",
-	.tokens = {
-		(void *) &cmd_firewall_del_ipv4_p_string,
-		(void *) &cmd_firewall_del_ipv4_pipeline_id,
-		(void *) &cmd_firewall_del_ipv4_firewall_string,
-		(void *) &cmd_firewall_del_ipv4_del_string,
-		(void *) &cmd_firewall_del_ipv4_ipv4_string,
-		(void *) &cmd_firewall_del_ipv4_src_ip,
-		(void *) &cmd_firewall_del_ipv4_src_ip_mask,
-		(void *) &cmd_firewall_del_ipv4_dst_ip,
-		(void *) &cmd_firewall_del_ipv4_dst_ip_mask,
-		(void *) &cmd_firewall_del_ipv4_src_port_from,
-		(void *) &cmd_firewall_del_ipv4_src_port_to,
-		(void *) &cmd_firewall_del_ipv4_dst_port_from,
-		(void *) &cmd_firewall_del_ipv4_dst_port_to,
-		(void *) &cmd_firewall_del_ipv4_proto,
-		(void *) &cmd_firewall_del_ipv4_proto_mask,
-		NULL,
-	},
-};
+		if (parser_read_uint16(&sport0, tokens[8])) {
+			printf(CMD_MSG_INVALID_ARG, "sport0");
+			return;
+		}
 
-/*
- * p firewall add bulk
- */
+		if (parser_read_uint16(&sport1, tokens[9])) {
+			printf(CMD_MSG_INVALID_ARG, "sport1");
+			return;
+		}
 
-struct cmd_firewall_add_bulk_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t add_string;
-	cmdline_fixed_string_t bulk_string;
-	cmdline_fixed_string_t file_path;
-};
+		if (parser_read_uint16(&dport0, tokens[10])) {
+			printf(CMD_MSG_INVALID_ARG, "dport0");
+			return;
+		}
 
-static void
-cmd_firewall_add_bulk_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_add_bulk_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
+		if (parser_read_uint16(&dport1, tokens[11])) {
+			printf(CMD_MSG_INVALID_ARG, "dport1");
+			return;
+		}
 
-	struct app_pipeline_add_bulk_params add_bulk_params;
+		if (parser_read_uint8(&proto, tokens[12])) {
+			printf(CMD_MSG_INVALID_ARG, "proto");
+			return;
+		}
 
-	status = app_pipeline_add_bulk_parse_file(params->file_path, &add_bulk_params);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
-	}
+		if (parser_read_uint8_hex(&protomask, tokens[13])) {
+			printf(CMD_MSG_INVALID_ARG, "protomask");
+			return;
+		}
 
-	status = app_pipeline_firewall_add_bulk(app, params->pipeline_id, add_bulk_params.keys,
-			add_bulk_params.n_keys, add_bulk_params.priorities, add_bulk_params.port_ids);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
-	}
+		if (strcmp(tokens[14], "port")) {
+			printf(CMD_MSG_ARG_NOT_FOUND, "port");
+			return;
+		}
 
-end:
-	rte_free(add_bulk_params.keys);
-	rte_free(add_bulk_params.priorities);
-	rte_free(add_bulk_params.port_ids);
-}
+		if (parser_read_uint32(&port_id, tokens[15])) {
+			printf(CMD_MSG_INVALID_ARG, "portid");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_add_bulk_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result, p_string,
-		"p");
+		key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+		key.key.ipv4_5tuple.src_ip = rte_be_to_cpu_32(sipaddr.s_addr);
+		key.key.ipv4_5tuple.src_ip_mask = sipdepth;
+		key.key.ipv4_5tuple.dst_ip = rte_be_to_cpu_32(dipaddr.s_addr);
+		key.key.ipv4_5tuple.dst_ip_mask = dipdepth;
+		key.key.ipv4_5tuple.src_port_from = sport0;
+		key.key.ipv4_5tuple.src_port_to = sport1;
+		key.key.ipv4_5tuple.dst_port_from = dport0;
+		key.key.ipv4_5tuple.dst_port_to = dport1;
+		key.key.ipv4_5tuple.proto = proto;
+		key.key.ipv4_5tuple.proto_mask = protomask;
+
+		status = app_pipeline_firewall_add_rule(app,
+			params->pipeline_id,
+			&key,
+			priority,
+			port_id);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall add");
 
-cmdline_parse_token_num_t cmd_firewall_add_bulk_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_bulk_result, pipeline_id,
-		UINT32);
+		return;
+	} /* firewall add */
+
+	/* firewall add bulk */
+	if ((n_tokens >= 2) &&
+		(strcmp(tokens[0], "add") == 0) &&
+		(strcmp(tokens[1], "bulk") == 0)) {
+		struct pipeline_firewall_key *keys;
+		uint32_t *priorities, *port_ids, n_keys, line;
+		char *filename;
+
+		if (n_tokens != 3) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall add bulk");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_add_bulk_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		firewall_string, "firewall");
+		filename = tokens[2];
 
-cmdline_parse_token_string_t cmd_firewall_add_bulk_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		add_string, "add");
+		n_keys = APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE;
+		keys = malloc(n_keys * sizeof(struct pipeline_firewall_key));
+		if (keys == NULL) {
+			printf(CMD_MSG_OUT_OF_MEMORY);
+			return;
+		}
+		memset(keys, 0, n_keys * sizeof(struct pipeline_firewall_key));
 
-cmdline_parse_token_string_t cmd_firewall_add_bulk_bulk_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		bulk_string, "bulk");
+		priorities = malloc(n_keys * sizeof(uint32_t));
+		if (priorities == NULL) {
+			printf(CMD_MSG_OUT_OF_MEMORY);
+			free(keys);
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_add_bulk_file_path_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_bulk_result,
-		file_path, NULL);
+		port_ids = malloc(n_keys * sizeof(uint32_t));
+		if (port_ids == NULL) {
+			printf(CMD_MSG_OUT_OF_MEMORY);
+			free(priorities);
+			free(keys);
+			return;
+		}
 
-cmdline_parse_inst_t cmd_firewall_add_bulk = {
-	.f = cmd_firewall_add_bulk_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule add bulk",
-	.tokens = {
-		(void *) &cmd_firewall_add_bulk_p_string,
-		(void *) &cmd_firewall_add_bulk_pipeline_id,
-		(void *) &cmd_firewall_add_bulk_firewall_string,
-		(void *) &cmd_firewall_add_bulk_add_string,
-		(void *) &cmd_firewall_add_bulk_bulk_string,
-		(void *) &cmd_firewall_add_bulk_file_path_string,
-		NULL,
-	},
-};
+		status = app_pipeline_firewall_load_file(filename,
+			keys,
+			priorities,
+			port_ids,
+			&n_keys,
+			&line);
+		if (status != 0) {
+			printf(CMD_MSG_FILE_ERR, filename, line);
+			free(port_ids);
+			free(priorities);
+			free(keys);
+			return;
+		}
 
-/*
- * p firewall del bulk
- */
+		status = app_pipeline_firewall_add_bulk(app,
+			params->pipeline_id,
+			keys,
+			n_keys,
+			priorities,
+			port_ids);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall add bulk");
+
+		free(keys);
+		free(priorities);
+		free(port_ids);
+		return;
+	} /* firewall add bulk */
 
-struct cmd_firewall_del_bulk_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t del_string;
-	cmdline_fixed_string_t bulk_string;
-	cmdline_fixed_string_t file_path;
-};
+	/* firewall add default */
+	if ((n_tokens >= 2) &&
+		(strcmp(tokens[0], "add") == 0) &&
+		(strcmp(tokens[1], "default") == 0)) {
+		uint32_t port_id;
 
-static void
-cmd_firewall_del_bulk_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_del_bulk_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
+		if (n_tokens != 3) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall add default");
+			return;
+		}
 
-	struct app_pipeline_del_bulk_params del_bulk_params;
+		if (parser_read_uint32(&port_id, tokens[2])) {
+			printf(CMD_MSG_INVALID_ARG, "portid");
+			return;
+		}
 
-	status = app_pipeline_del_bulk_parse_file(params->file_path, &del_bulk_params);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
-	}
+		status = app_pipeline_firewall_add_default_rule(app,
+			params->pipeline_id,
+			port_id);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall add default");
 
-	status = app_pipeline_firewall_delete_bulk(app, params->pipeline_id,
-			del_bulk_params.keys, del_bulk_params.n_keys);
-	if (status != 0) {
-		printf("Command failed\n");
-		goto end;
-	}
+		return;
+	} /* firewall add default */
+
+	/* firewall del */
+	if ((n_tokens >= 2) &&
+		(strcmp(tokens[0], "del") == 0) &&
+		(strcmp(tokens[1], "ipv4") == 0)) {
+		struct pipeline_firewall_key key;
+		struct in_addr sipaddr;
+		uint32_t sipdepth;
+		struct in_addr dipaddr;
+		uint32_t dipdepth;
+		uint16_t sport0;
+		uint16_t sport1;
+		uint16_t dport0;
+		uint16_t dport1;
+		uint8_t proto;
+		uint8_t protomask;
+
+		memset(&key, 0, sizeof(key));
+
+		if (n_tokens != 12) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall del");
+			return;
+		}
 
-end:
-	rte_free(del_bulk_params.keys);
-}
+		if (parse_ipv4_addr(tokens[2], &sipaddr)) {
+			printf(CMD_MSG_INVALID_ARG, "sipaddr");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_del_bulk_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result, p_string,
-		"p");
+		if (parser_read_uint32(&sipdepth, tokens[3])) {
+			printf(CMD_MSG_INVALID_ARG, "sipdepth");
+			return;
+		}
 
-cmdline_parse_token_num_t cmd_firewall_del_bulk_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_bulk_result, pipeline_id,
-		UINT32);
+		if (parse_ipv4_addr(tokens[4], &dipaddr)) {
+			printf(CMD_MSG_INVALID_ARG, "dipaddr");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_del_bulk_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		firewall_string, "firewall");
+		if (parser_read_uint32(&dipdepth, tokens[5])) {
+			printf(CMD_MSG_INVALID_ARG, "dipdepth");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_del_bulk_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		del_string, "del");
+		if (parser_read_uint16(&sport0, tokens[6])) {
+			printf(CMD_MSG_INVALID_ARG, "sport0");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_del_bulk_bulk_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		bulk_string, "bulk");
+		if (parser_read_uint16(&sport1, tokens[7])) {
+			printf(CMD_MSG_INVALID_ARG, "sport1");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_del_bulk_file_path_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_bulk_result,
-		file_path, NULL);
+		if (parser_read_uint16(&dport0, tokens[8])) {
+			printf(CMD_MSG_INVALID_ARG, "dport0");
+			return;
+		}
 
-cmdline_parse_inst_t cmd_firewall_del_bulk = {
-	.f = cmd_firewall_del_bulk_parsed,
-	.data = NULL,
-	.help_str = "Firewall rule del bulk",
-	.tokens = {
-		(void *) &cmd_firewall_del_bulk_p_string,
-		(void *) &cmd_firewall_del_bulk_pipeline_id,
-		(void *) &cmd_firewall_del_bulk_firewall_string,
-		(void *) &cmd_firewall_del_bulk_add_string,
-		(void *) &cmd_firewall_del_bulk_bulk_string,
-		(void *) &cmd_firewall_del_bulk_file_path_string,
-		NULL,
-	},
-};
+		if (parser_read_uint16(&dport1, tokens[9])) {
+			printf(CMD_MSG_INVALID_ARG, "dport1");
+			return;
+		}
 
-/*
- * p firewall add default
- */
-struct cmd_firewall_add_default_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t add_string;
-	cmdline_fixed_string_t default_string;
-	uint8_t port_id;
-};
+		if (parser_read_uint8(&proto, tokens[10])) {
+			printf(CMD_MSG_INVALID_ARG, "proto");
+			return;
+		}
 
-static void
-cmd_firewall_add_default_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_add_default_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
+		if (parser_read_uint8_hex(&protomask, tokens[11])) {
+			printf(CMD_MSG_INVALID_ARG, "protomask");
+			return;
+		}
 
-	status = app_pipeline_firewall_add_default_rule(app,
-		params->pipeline_id,
-		params->port_id);
+		key.type = PIPELINE_FIREWALL_IPV4_5TUPLE;
+		key.key.ipv4_5tuple.src_ip = rte_be_to_cpu_32(sipaddr.s_addr);
+		key.key.ipv4_5tuple.src_ip_mask = sipdepth;
+		key.key.ipv4_5tuple.dst_ip = rte_be_to_cpu_32(dipaddr.s_addr);
+		key.key.ipv4_5tuple.dst_ip_mask = dipdepth;
+		key.key.ipv4_5tuple.src_port_from = sport0;
+		key.key.ipv4_5tuple.src_port_to = sport1;
+		key.key.ipv4_5tuple.dst_port_from = dport0;
+		key.key.ipv4_5tuple.dst_port_to = dport1;
+		key.key.ipv4_5tuple.proto = proto;
+		key.key.ipv4_5tuple.proto_mask = protomask;
+
+		status = app_pipeline_firewall_delete_rule(app,
+			params->pipeline_id,
+			&key);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall del");
 
-	if (status != 0) {
-		printf("Command failed\n");
 		return;
-	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_add_default_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-		p_string, "p");
-
-cmdline_parse_token_num_t cmd_firewall_add_default_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result,
-		pipeline_id, UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_add_default_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-	firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_add_default_add_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-	add_string, "add");
+	} /* firewall del */
+
+	/* firewall del bulk */
+	if ((n_tokens >= 2) &&
+		(strcmp(tokens[0], "del") == 0) &&
+		(strcmp(tokens[1], "bulk") == 0)) {
+		struct pipeline_firewall_key *keys;
+		uint32_t *priorities, *port_ids, n_keys, line;
+		char *filename;
+
+		if (n_tokens != 3) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall del bulk");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_add_default_default_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_add_default_result,
-		default_string, "default");
+		filename = tokens[2];
 
-cmdline_parse_token_num_t cmd_firewall_add_default_port_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_add_default_result, port_id,
-		UINT8);
+		n_keys = APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE;
+		keys = malloc(n_keys * sizeof(struct pipeline_firewall_key));
+		if (keys == NULL) {
+			printf(CMD_MSG_OUT_OF_MEMORY);
+			return;
+		}
+		memset(keys, 0, n_keys * sizeof(struct pipeline_firewall_key));
 
-cmdline_parse_inst_t cmd_firewall_add_default = {
-	.f = cmd_firewall_add_default_parsed,
-	.data = NULL,
-	.help_str = "Firewall default rule add",
-	.tokens = {
-		(void *) &cmd_firewall_add_default_p_string,
-		(void *) &cmd_firewall_add_default_pipeline_id,
-		(void *) &cmd_firewall_add_default_firewall_string,
-		(void *) &cmd_firewall_add_default_add_string,
-		(void *) &cmd_firewall_add_default_default_string,
-		(void *) &cmd_firewall_add_default_port_id,
-		NULL,
-	},
-};
+		priorities = malloc(n_keys * sizeof(uint32_t));
+		if (priorities == NULL) {
+			printf(CMD_MSG_OUT_OF_MEMORY);
+			free(keys);
+			return;
+		}
 
-/*
- * p firewall del default
- */
-struct cmd_firewall_del_default_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t del_string;
-	cmdline_fixed_string_t default_string;
-};
+		port_ids = malloc(n_keys * sizeof(uint32_t));
+		if (port_ids == NULL) {
+			printf(CMD_MSG_OUT_OF_MEMORY);
+			free(priorities);
+			free(keys);
+			return;
+		}
 
-static void
-cmd_firewall_del_default_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_del_default_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
+		status = app_pipeline_firewall_load_file(filename,
+			keys,
+			priorities,
+			port_ids,
+			&n_keys,
+			&line);
+		if (status != 0) {
+			printf(CMD_MSG_FILE_ERR, filename, line);
+			free(port_ids);
+			free(priorities);
+			free(keys);
+			return;
+		}
 
-	status = app_pipeline_firewall_delete_default_rule(app,
-		params->pipeline_id);
+		status = app_pipeline_firewall_delete_bulk(app,
+			params->pipeline_id,
+			keys,
+			n_keys);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall del bulk");
 
-	if (status != 0) {
-		printf("Command failed\n");
+		free(port_ids);
+		free(priorities);
+		free(keys);
 		return;
-	}
-}
-
-cmdline_parse_token_string_t cmd_firewall_del_default_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-		p_string, "p");
-
-cmdline_parse_token_num_t cmd_firewall_del_default_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_del_default_result,
-		pipeline_id, UINT32);
-
-cmdline_parse_token_string_t cmd_firewall_del_default_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-	firewall_string, "firewall");
-
-cmdline_parse_token_string_t cmd_firewall_del_default_del_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-		del_string, "del");
+	} /* firewall del bulk */
+
+	/* firewall del default */
+	if ((n_tokens >= 2) &&
+		(strcmp(tokens[0], "del") == 0) &&
+		(strcmp(tokens[1], "default") == 0)) {
+		if (n_tokens != 2) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall del default");
+			return;
+		}
 
-cmdline_parse_token_string_t cmd_firewall_del_default_default_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_del_default_result,
-		default_string, "default");
+		status = app_pipeline_firewall_delete_default_rule(app,
+			params->pipeline_id);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall del default");
 
-cmdline_parse_inst_t cmd_firewall_del_default = {
-	.f = cmd_firewall_del_default_parsed,
-	.data = NULL,
-	.help_str = "Firewall default rule delete",
-	.tokens = {
-		(void *) &cmd_firewall_del_default_p_string,
-		(void *) &cmd_firewall_del_default_pipeline_id,
-		(void *) &cmd_firewall_del_default_firewall_string,
-		(void *) &cmd_firewall_del_default_del_string,
-		(void *) &cmd_firewall_del_default_default_string,
-		NULL,
-	},
-};
+		return;
 
-/*
- * p firewall ls
- */
+	} /* firewall del default */
 
-struct cmd_firewall_ls_result {
-	cmdline_fixed_string_t p_string;
-	uint32_t pipeline_id;
-	cmdline_fixed_string_t firewall_string;
-	cmdline_fixed_string_t ls_string;
-};
-
-static void
-cmd_firewall_ls_parsed(
-	void *parsed_result,
-	__attribute__((unused)) struct cmdline *cl,
-	void *data)
-{
-	struct cmd_firewall_ls_result *params = parsed_result;
-	struct app_params *app = data;
-	int status;
+	/* firewall ls */
+	if ((n_tokens >= 1) && (strcmp(tokens[0], "ls") == 0)) {
+		if (n_tokens != 1) {
+			printf(CMD_MSG_MISMATCH_ARGS, "firewall ls");
+			return;
+		}
 
-	status = app_pipeline_firewall_ls(app, params->pipeline_id);
+		status = app_pipeline_firewall_ls(app, params->pipeline_id);
+		if (status)
+			printf(CMD_MSG_FAIL, "firewall ls");
 
-	if (status != 0) {
-		printf("Command failed\n");
 		return;
-	}
+	} /* firewall ls */
+
+	printf(CMD_MSG_MISMATCH_ARGS, "firewall");
 }
 
-cmdline_parse_token_string_t cmd_firewall_ls_p_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, p_string,
-		"p");
+static cmdline_parse_token_string_t cmd_firewall_p_string =
+	TOKEN_STRING_INITIALIZER(struct cmd_firewall_result, p_string, "p");
 
-cmdline_parse_token_num_t cmd_firewall_ls_pipeline_id =
-	TOKEN_NUM_INITIALIZER(struct cmd_firewall_ls_result, pipeline_id,
-		UINT32);
+static cmdline_parse_token_num_t cmd_firewall_pipeline_id =
+	TOKEN_NUM_INITIALIZER(struct cmd_firewall_result, pipeline_id, UINT32);
 
-cmdline_parse_token_string_t cmd_firewall_ls_firewall_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result,
-	firewall_string, "firewall");
+static cmdline_parse_token_string_t cmd_firewall_firewall_string =
+	TOKEN_STRING_INITIALIZER(struct cmd_firewall_result, firewall_string,
+	"firewall");
 
-cmdline_parse_token_string_t cmd_firewall_ls_ls_string =
-	TOKEN_STRING_INITIALIZER(struct cmd_firewall_ls_result, ls_string,
-	"ls");
+static cmdline_parse_token_string_t cmd_firewall_multi_string =
+	TOKEN_STRING_INITIALIZER(struct cmd_firewall_result, multi_string,
+	TOKEN_STRING_MULTI);
 
-cmdline_parse_inst_t cmd_firewall_ls = {
-	.f = cmd_firewall_ls_parsed,
+static cmdline_parse_inst_t cmd_firewall = {
+	.f = cmd_firewall_parsed,
 	.data = NULL,
-	.help_str = "Firewall rule list",
+	.help_str =	"firewall add / add bulk / add default / del / del bulk"
+		" / del default / ls",
 	.tokens = {
-		(void *) &cmd_firewall_ls_p_string,
-		(void *) &cmd_firewall_ls_pipeline_id,
-		(void *) &cmd_firewall_ls_firewall_string,
-		(void *) &cmd_firewall_ls_ls_string,
+		(void *) &cmd_firewall_p_string,
+		(void *) &cmd_firewall_pipeline_id,
+		(void *) &cmd_firewall_firewall_string,
+		(void *) &cmd_firewall_multi_string,
 		NULL,
 	},
 };
 
 static cmdline_parse_ctx_t pipeline_cmds[] = {
-	(cmdline_parse_inst_t *) &cmd_firewall_add_ipv4,
-	(cmdline_parse_inst_t *) &cmd_firewall_del_ipv4,
-	(cmdline_parse_inst_t *) &cmd_firewall_add_bulk,
-	(cmdline_parse_inst_t *) &cmd_firewall_del_bulk,
-	(cmdline_parse_inst_t *) &cmd_firewall_add_default,
-	(cmdline_parse_inst_t *) &cmd_firewall_del_default,
-	(cmdline_parse_inst_t *) &cmd_firewall_ls,
+	(cmdline_parse_inst_t *) &cmd_firewall,
 	NULL,
 };
 
diff --git a/examples/ip_pipeline/pipeline/pipeline_firewall.h b/examples/ip_pipeline/pipeline/pipeline_firewall.h
index ccc4e64..aa79a2a 100644
--- a/examples/ip_pipeline/pipeline/pipeline_firewall.h
+++ b/examples/ip_pipeline/pipeline/pipeline_firewall.h
@@ -72,6 +72,18 @@ int
 app_pipeline_firewall_delete_default_rule(struct app_params *app,
 	uint32_t pipeline_id);
 
+#ifndef APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE
+#define APP_PIPELINE_FIREWALL_MAX_RULES_IN_FILE		65536
+#endif
+
+int
+app_pipeline_firewall_load_file(char *filename,
+	struct pipeline_firewall_key *keys,
+	uint32_t *priorities,
+	uint32_t *port_ids,
+	uint32_t *n_keys,
+	uint32_t *line);
+
 extern struct pipeline_type pipeline_firewall;
 
 #endif