summaryrefslogtreecommitdiff
path: root/op-mode-definitions
diff options
context:
space:
mode:
authortalmakion <andrewt@telekinetica.net>2024-07-28 21:47:07 +1000
committerGitHub <noreply@github.com>2024-07-28 14:47:07 +0300
commite2bf8812f73a75356f56274968be8859a2186d73 (patch)
tree2f71b4042bb602ca58f03792af0143903e8e3f24 /op-mode-definitions
parentba4198fc3cb80628ad38118f4dcc3bfe43181de1 (diff)
downloadvyos-1x-e2bf8812f73a75356f56274968be8859a2186d73.tar.gz
vyos-1x-e2bf8812f73a75356f56274968be8859a2186d73.zip
firewall: T4694: Adding rt ipsec exists/missing match to firewall configs (#3616)
* Change ipsec match-ipsec/none to match-ipsec-in and match-none-in for fw rules * Add ipsec match-ipsec-out and match-none-out * Change all the points where the match-ipsec.xml.i include was used before, making sure the new includes (match-ipsec-in/out.xml.i) are used appropriately. There were a handful of spots where match-ipsec.xml.i had snuck back in for output hooked chains already (the common-rule-* includes) * Add the -out generators to rendered templates * Heavy modification to firewall config validators: * I needed to check for ipsec-in matches no matter how deeply nested under an output-hook chain(via jump-target) - this always generates an error. * Ended up retrofitting the jump-targets validator from root chains and for named custom chains. It checks for recursive loops and improper IPsec matches. * Added "test_ipsec_metadata_match" and "test_cyclic_jump_validation" smoketests
Diffstat (limited to 'op-mode-definitions')
0 files changed, 0 insertions, 0 deletions