Merge pull request #3095 from vyos/mergify/bp/sagitta/pr-3087

T6061: fix rule parsing when connection-status is used (backport #3087)
author: Christian Breunig <christian@breunig.cc> 2024-03-06 06:50:45 +0100
committer: GitHub <noreply@github.com> 2024-03-06 06:50:45 +0100
commit: 82d40098e3f2d53e2c851e8ffb165d7814c60f0f (patch)
tree: 01b08c3e602f7fcf254560191f478ed63f53da47
parent: feb83f2f2b9f1d48bb5389ca5244b56edf2efbc8 (diff)
parent: 2f232841a544fb3d602831cf0b2c95c447a245ea (diff)
download: vyos-1x-82d40098e3f2d53e2c851e8ffb165d7814c60f0f.tar.gz
vyos-1x-82d40098e3f2d53e2c851e8ffb165d7814c60f0f.zip
2 files changed, 4 insertions, 4 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 49e095946..e70b4f0d9 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -136,10 +136,10 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
     if 'connection_status' in rule_conf and rule_conf['connection_status']:
         status = rule_conf['connection_status']
         if status['nat'] == 'destination':
-            nat_status = '{dnat}'
+            nat_status = 'dnat'
             output.append(f'ct status {nat_status}')
         if status['nat'] == 'source':
-            nat_status = '{snat}'
+            nat_status = 'snat'
             output.append(f'ct status {nat_status}')
 
     if 'protocol' in rule_conf and rule_conf['protocol'] != 'all':
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index be5960bbd..9e8473fa4 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -629,8 +629,8 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         nftables_search = [
             ['ct state { established, related }', 'accept'],
             ['ct state invalid', 'reject'],
-            ['ct state new', 'ct status == dnat', 'accept'],
-            ['ct state { established, new }', 'ct status == snat', 'accept'],
+            ['ct state new', 'ct status dnat', 'accept'],
+            ['ct state { established, new }', 'ct status snat', 'accept'],
             ['ct state related', 'ct helper { "ftp", "pptp" }', 'accept'],
             ['drop', f'comment "{name} default-action drop"'],
             ['jump VYOS_STATE_POLICY'],
author	Christian Breunig <christian@breunig.cc>	2024-03-06 06:50:45 +0100
committer	GitHub <noreply@github.com>	2024-03-06 06:50:45 +0100
commit	82d40098e3f2d53e2c851e8ffb165d7814c60f0f (patch)
tree	01b08c3e602f7fcf254560191f478ed63f53da47
parent	feb83f2f2b9f1d48bb5389ca5244b56edf2efbc8 (diff)
parent	2f232841a544fb3d602831cf0b2c95c447a245ea (diff)
download	vyos-1x-82d40098e3f2d53e2c851e8ffb165d7814c60f0f.tar.gz vyos-1x-82d40098e3f2d53e2c851e8ffb165d7814c60f0f.zip