author | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-01-05 12:13:17 +0000 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-02-01 20:22:26 +0000 |
commit | 3ce9583b9420ed72cf45728f439f00b1c4cf5800 (patch) | |
tree | fa903955d30ca32944bf0b89daf33f928760eb23 /data/templates/firewall/nftables-defines.j2 | |
parent | 9109a5603963216180f6d6fe09820ee1ba227ade (diff) | |
T4839: firewall: Add dynamic address group in firewall configuration, and appropriate commands to populate such groups using source and destination address of the packet.
(cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122)
Diffstat (limited to 'data/templates/firewall/nftables-defines.j2')
-rw-r--r-- | data/templates/firewall/nftables-defines.j2 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index a20c399ae..8a75ab2d6 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -98,5 +98,26 @@
 }
 {% endfor %}
 {% endif %}
+
+{% if group.dynamic_group is vyos_defined %}
+{% if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %}
+{% for group_name, group_conf in group.dynamic_group.address_group.items() %}
+ set DA_{{ group_name }} {
+ type {{ ip_type }}
+ flags dynamic, timeout
+ }
+{% endfor %}
+{% endif %}
+
+{% if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %}
+{% for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %}
+ set DA6_{{ group_name }} {
+ type {{ ip_type }}
+ flags dynamic, timeout
+ }
+{% endfor %}
+{% endif %}
+{% endif %}
+
 {% endif %}
 {% endmacro %} |
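Review bot: Both new set definitions (`set DA_{{ group_name }}` and `set DA6_{{ group_name }}`) declare `flags dynamic, timeout` but carry neither a `size` bound nor a default `timeout`. Per the commit message these sets are populated from packet source and destination addresses, which a remote sender largely controls. As written, capacity is left to whatever default nftables applies, and element expiry depends entirely on every populating rule supplying its own timeout. `group_conf` is bound in both loops but never read, so a per-group limit could be rendered from it as a `size <configured limit>` line inside each set, ideally with a default `timeout` as a fallback. The enclosing macro starts outside the hunk, so how `ip_type`, `is_ipv6` and `is_l3` are set cannot be checked from here.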