summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables-defines.j2
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2024-01-05 12:13:17 +0000
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-02-01 20:22:26 +0000
commit3ce9583b9420ed72cf45728f439f00b1c4cf5800 (patch)
treefa903955d30ca32944bf0b89daf33f928760eb23 /data/templates/firewall/nftables-defines.j2
parent9109a5603963216180f6d6fe09820ee1ba227ade (diff)
downloadvyos-1x-3ce9583b9420ed72cf45728f439f00b1c4cf5800.tar.gz
vyos-1x-3ce9583b9420ed72cf45728f439f00b1c4cf5800.zip
T4839: firewall: Add dynamic address group in firewall configuration, and appropiate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
Diffstat (limited to 'data/templates/firewall/nftables-defines.j2')
-rw-r--r--data/templates/firewall/nftables-defines.j221
1 files changed, 21 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index a20c399ae..8a75ab2d6 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -98,5 +98,26 @@
}
{% endfor %}
{% endif %}
+
+{% if group.dynamic_group is vyos_defined %}
+{% if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %}
+{% for group_name, group_conf in group.dynamic_group.address_group.items() %}
+ set DA_{{ group_name }} {
+ type {{ ip_type }}
+ flags dynamic, timeout
+ }
+{% endfor %}
+{% endif %}
+
+{% if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %}
+{% for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %}
+ set DA6_{{ group_name }} {
+ type {{ ip_type }}
+ flags dynamic, timeout
+ }
+{% endfor %}
+{% endif %}
+{% endif %}
+
{% endif %}
{% endmacro %}