summaryrefslogtreecommitdiff
path: root/python/vyos/firewall.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-06-10 20:19:17 +0200
committerGitHub <noreply@github.com>2022-06-10 20:19:17 +0200
commitc3275306ce56bd803c6f833d85c9212ea8db0dfe (patch)
treeffcbb4b966bcc84e021d193d7c4b3c7622e6f6ab /python/vyos/firewall.py
parent299e16aae6d2b1038be5b3d492000c590050b4c9 (diff)
parent81a269d2d7ac669b6de2e46f9a331525b930b589 (diff)
downloadvyos-1x-c3275306ce56bd803c6f833d85c9212ea8db0dfe.tar.gz
vyos-1x-c3275306ce56bd803c6f833d85c9212ea8db0dfe.zip
Merge pull request #1355 from nicolas-fort/T4458-ipv4-ttl
Firewall:T4458: Add ttl match option in firewall
Diffstat (limited to 'python/vyos/firewall.py')
-rw-r--r--python/vyos/firewall.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 31fe8b5e3..355ec44b0 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -231,6 +231,13 @@ def parse_rule(rule_conf, fw_name, rule_id, ip_name):
value = rule_conf['hop_limit'][op]
output.append(f'ip6 hoplimit {operator} {value}')
+ if 'ttl' in rule_conf:
+ operators = {'eq': '==', 'gt': '>', 'lt': '<'}
+ for op, operator in operators.items():
+ if op in rule_conf['ttl']:
+ value = rule_conf['ttl'][op]
+ output.append(f'ip ttl {operator} {value}')
+
for icmp in ['icmp', 'icmpv6']:
if icmp in rule_conf:
if 'type_name' in rule_conf[icmp]: