diff options
author | Christian Breunig <christian@breunig.cc> | 2024-02-01 21:41:07 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-01 21:41:07 +0100 |
commit | b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42 (patch) | |
tree | ab74c9d546390b4c5585fe740d0898374df6d1b6 /data/templates/firewall/nftables-defines.j2 | |
parent | cd4b03898e99b7317d2cbdf614bc14caf2e9bbce (diff) | |
parent | 3ce9583b9420ed72cf45728f439f00b1c4cf5800 (diff) | |
download | vyos-1x-b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42.tar.gz vyos-1x-b24e2cbef7fc5c4b2a1a4533ff75e01dea0c2b42.zip |
Merge pull request #2924 from vyos/mergify/bp/sagitta/pr-2756
T4839: firewall: Add dynamic address group in firewall configuration (backport #2756)
Diffstat (limited to 'data/templates/firewall/nftables-defines.j2')
-rw-r--r-- | data/templates/firewall/nftables-defines.j2 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2 index a20c399ae..8a75ab2d6 100644 --- a/data/templates/firewall/nftables-defines.j2 +++ b/data/templates/firewall/nftables-defines.j2 @@ -98,5 +98,26 @@ } {% endfor %} {% endif %} + +{% if group.dynamic_group is vyos_defined %} +{% if group.dynamic_group.address_group is vyos_defined and not is_ipv6 and is_l3 %} +{% for group_name, group_conf in group.dynamic_group.address_group.items() %} + set DA_{{ group_name }} { + type {{ ip_type }} + flags dynamic, timeout + } +{% endfor %} +{% endif %} + +{% if group.dynamic_group.ipv6_address_group is vyos_defined and is_ipv6 and is_l3 %} +{% for group_name, group_conf in group.dynamic_group.ipv6_address_group.items() %} + set DA6_{{ group_name }} { + type {{ ip_type }} + flags dynamic, timeout + } +{% endfor %} +{% endif %} +{% endif %} + {% endif %} {% endmacro %} |